Bug #62

ikev2 missing rekeying support not recognised

Added by Martin Willi almost 11 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: charon
Target version:
Start date:
Due date:
Estimated time:
Affected version: 5.8.0
Resolution:

Description

When talking to a peer that does not support rekeying, charon fails to act correctly when receiving a NO_ADDITIONAL_SAS notify payload. Debug output reports that such packets (IKE_REKEY response with single NTFY payload) are discarded because of missing payloads (SA, KE, AUTH).

The correct handling would be to cancel the scheduled rekeying attempt, negotiate a new IKE_SA + Child_SAs and delete the old ones once expired or new ones are established.
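
A minimal model of the handling order described in this report, added here as an illustration and not taken from strongSwan's source: one classifier enforces the payload set first and drops the refusal, the other looks for NO_ADDITIONAL_SAS first. The type numbers are those assigned in RFC 7296; `payload_t`, `rekey_action_t`, the function names and the sample responses are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Payload and notify type numbers as assigned in RFC 7296. */
enum { PL_SA = 33, PL_KE = 34, PL_AUTH = 39, PL_NOTIFY = 41 };
enum { N_NO_ADDITIONAL_SAS = 35 };

/* Hypothetical parsed-payload record; notify_type only matters for PL_NOTIFY. */
typedef struct { uint8_t type; uint16_t notify_type; } payload_t;

typedef enum { REKEY_COMPLETE, REKEY_DISCARD, REKEY_FALLBACK_NEW_SA } rekey_action_t;

/* True if the response carries the payloads the report names: SA, KE, AUTH. */
static int has_required(const payload_t *p, size_t n)
{
    int sa = 0, ke = 0, auth = 0;
    for (size_t i = 0; i < n; i++) {
        sa |= p[i].type == PL_SA;
        ke |= p[i].type == PL_KE;
        auth |= p[i].type == PL_AUTH;
    }
    return sa && ke && auth;
}

/* Reported behaviour: the payload-set check runs first, so the refusal is dropped. */
rekey_action_t classify_payload_check_first(const payload_t *p, size_t n)
{
    return has_required(p, n) ? REKEY_COMPLETE : REKEY_DISCARD;
}

/* Expected behaviour: look for NO_ADDITIONAL_SAS before enforcing the payload set. */
rekey_action_t classify_notify_first(const payload_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i].type == PL_NOTIFY && p[i].notify_type == N_NO_ADDITIONAL_SAS)
            return REKEY_FALLBACK_NEW_SA; /* cancel the rekey, set up new SAs */
    return classify_payload_check_first(p, n);
}

/* Constructed sample responses (not captured traffic). */
const payload_t SAMPLE_REFUSAL[] = { { PL_NOTIFY, N_NO_ADDITIONAL_SAS } };
const payload_t SAMPLE_FULL[] = { { PL_SA, 0 }, { PL_KE, 0 }, { PL_AUTH, 0 } };
const payload_t SAMPLE_PARTIAL[] = { { PL_SA, 0 } };

int main(void)
{
    printf("check first: %d, notify first: %d\n",
           classify_payload_check_first(SAMPLE_REFUSAL, 1),
           classify_notify_first(SAMPLE_REFUSAL, 1));
    return 0;
}
```

A response that is merely incomplete, such as `SAMPLE_PARTIAL`, is still discarded by both classifiers; only the explicit refusal changes outcome.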

History

#1 Updated by Martin Willi over 10 years ago

  • Status changed from New to Assigned

#2 Updated by Martin Willi over 10 years ago

  • Status changed from Assigned to Closed
  • Affected version set to fixed

Fixed for IKE_SA rekeying r4658 and CHILD_SA rekeying r4659.
