Bug #62
ikev2 missing rekeying support not recognised
Affected version: 5.8.1
Description
When talking to a peer that does not support rekeying, charon fails to act correctly when receiving a NO_ADDITIONAL_SAS notify payload. Debug output reports that such packets (IKE_REKEY response with a single NTFY payload) are discarded because of missing payloads (SA, KE, AUTH).
The correct handling would be to cancel the scheduled rekeying attempt, negotiate a new IKE_SA + Child_SAs and delete the old ones once expired or new ones are established.
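An added example (not part of the original report and not strongSwan's code) of the check the description asks for: scan a rekey response for a NO_ADDITIONAL_SAS notify before rejecting it for missing payloads. Payload and notify type numbers are from RFC 7296; the function and enum names, the SA + KE required set, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Type numbers from RFC 7296; all identifiers below are hypothetical. */
enum { PL_NONE = 0, PL_SA = 33, PL_KE = 34, PL_NOTIFY = 41 };
enum { NO_ADDITIONAL_SAS = 35 };
typedef enum { REKEY_PROCEED, REKEY_REFUSED, REKEY_MALFORMED } rekey_verdict_t;

/* Walk the decrypted payload chain of a rekey response. `first` is the type
 * of the first inner payload. REKEY_REFUSED means: cancel the scheduled
 * rekey and re-establish the SAs instead of discarding the message. */
rekey_verdict_t classify_rekey_response(uint8_t first, const uint8_t *buf, size_t len)
{
    int have_sa = 0, have_ke = 0;
    size_t off = 0;
    uint8_t type = first;

    while (type != PL_NONE) {
        if (len - off < 4)                      /* generic header is 4 bytes */
            return REKEY_MALFORMED;
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > len - off)       /* length must stay in bounds */
            return REKEY_MALFORMED;
        if (type == PL_NOTIFY) {
            if (plen < 8)                       /* proto, SPI size, 16-bit type */
                return REKEY_MALFORMED;
            uint16_t ntype = (uint16_t)((buf[off + 6] << 8) | buf[off + 7]);
            if (ntype == NO_ADDITIONAL_SAS)
                return REKEY_REFUSED;           /* checked before required payloads */
        } else if (type == PL_SA) {
            have_sa = 1;
        } else if (type == PL_KE) {
            have_ke = 1;
        }
        type = buf[off];                        /* Next Payload field */
        off += plen;
    }
    return (have_sa && have_ke) ? REKEY_PROCEED : REKEY_MALFORMED;
}

/* Constructed samples: a notify-only response, and header-only SA + KE stubs. */
static const uint8_t sample_refused[] = { 0, 0, 0x00, 0x08, 0, 0, 0x00, 0x23 };
static const uint8_t sample_normal[]  = { PL_KE, 0, 0x00, 0x04, PL_NONE, 0, 0x00, 0x04 };

int main(void)
{
    printf("%d\n", classify_rekey_response(PL_NOTIFY, sample_refused, sizeof sample_refused));
    printf("%d\n", classify_rekey_response(PL_SA, sample_normal, sizeof sample_normal));
    return 0;
}
```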
History
#1 Updated by Martin Willi about 11 years ago
- Status changed from New to Assigned
#2 Updated by Martin Willi about 11 years ago
- Status changed from Assigned to Closed
- Affected version set to fixed
Fixed for IKE_SA rekeying r4658 and CHILD_SA rekeying r4659.