Bug #62: ikev2 missing rekeying support not recognised - strongSwan

Bug #62

ikev2 missing rekeying support not recognised

Added by Martin Willi about 11 years ago. Updated about 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Martin Willi

Category:

charon

Target version:

4.2.9

Start date:

Due date:

Estimated time:

Affected version:

5.8.1

Resolution:

Description

When talking to a peer that does not support rekeying, charon fails to act correctly when receiving a NO_ADDITIONAL_SAS notify payload. Debug output reports that such packets(IKE_REKEY response with single NTFY payload) are discarded because of missing payloads(SA,KE,AUTH).

The correct handling would be to cancel the scheduled rekeying attempt, negotiate a new IKE_SA + Child_SAs and delete the old ones once expired or new ones are established.

History

#1 Updated by Martin Willi about 11 years ago

Status changed from New to Assigned

#2 Updated by Martin Willi about 11 years ago

Status changed from Assigned to Closed
Affected version set to fixed

Fixed for IKE_SA rekeing r4658 and CHILD_SA rekeing r4659.

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

New issues

Bug #62

ikev2 missing rekeying support not recognised

History

#1 Updated by Martin Willi about 11 years ago

#2 Updated by Martin Willi about 11 years ago