[Swan-dev] interop-ikev2-strongswan-35-initiator-rekey not working

Paul Wouters paul at nohats.ca
Fri Feb 28 05:06:51 UTC 2020

It seems interop-ikev2-strongswan-35-initiator-rekey is not working.

The config file has commented out values for "timer based rekey" and
the shell script has commented out values for "command based rekey".
Due to that, the reference output does not show traces of rekey.
So this test never seems to actually do a rekey against strongswan.

When I changed it to timer based rekey, because according to comments,
3.29 rekey command is broken, I still do not see strongswan rejecting
anything bad if west is libreswan 3.29 or 3.30. I was epxecting the
test to succeed for 3.29 and fail for 3.30.

I was hoping to confirm my patch to be stricter about address family
check in TS TYPE using this test, but I can't seem to make this test
work to ever show a failure during rekey over a bad address family
towards strongswan.


More information about the Swan-dev mailing list