[Swan] reauth option

Vukasin Karadzic vukasin.karadzic at gmail.com
Thu Aug 29 18:08:29 UTC 2019


that option should enable using reauthentication of IKE SAs instead of
rekeying them
as per RFC7296 Section 2.8.3 (
when libreswan is the initiator of rekeying (that is, reauthentication in
this case).
And yes, it isn't documented in man pages.

Don't know if that will help you solve your problem.


чет, 29. авг 2019. у 15:01 John Crisp <jcrisp at safeandsoundit.co.uk> је

> Hi,
> My connections from Endian -> Libre drop every week (I think when the
> logs rotate and some services restart)
> I has been suggested by Endian (using Strongswan) that apparently I
> should set 'reauth' in my Libreswan setup.
> However, I cannot see that as an option in the man page?
> Oddly enough I noticed while messing about that if I add it to the
> ipsec.conf file it passes muster with ipsec verify !!
> grep reauth /etc/ipsec.d/ipsec.conf
>     reauth=yes
> ipsec verify
> Verifying installed system and configuration files
> Version check and ipsec on-path                         [OK]
> Libreswan 3.29 (netkey) on 2.6.32-754.18.2.el6.x86_64
> Checking for IPsec support in kernel                    [OK]
>  NETKEY: Testing XFRM related proc values
>          ICMP default/send_redirects                    [OK]
>          ICMP default/accept_redirects                  [OK]
>          XFRM larval drop                               [OK]
> Pluto ipsec.conf syntax                                 [OK]
> Blah....
> Any suggestions?
> B. Rgds
> John
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20190829/8958a9af/attachment.html>

More information about the Swan mailing list