<div dir="ltr"><div>Hi,<br></div><div><br></div><div>that option should enable using reauthentication of IKE SAs instead of rekeying them<br></div><div>as per RFC7296 Section 2.8.3 (<a href="https://tools.ietf.org/html/rfc7296#section-2.8.3.">https://tools.ietf.org/html/rfc7296#section-2.8.3.</a>),</div><div>when libreswan is the initiator of rekeying (that is, reauthentication in this case).</div><div>And yes, it isn't documented in man pages.</div><div><br></div><div>Don't know if that will help you solve your problem.</div><div><br></div><div>Regards,</div><div>Vukasin<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">чет, 29. авг 2019. у 15:01 John Crisp <<a href="mailto:jcrisp@safeandsoundit.co.uk">jcrisp@safeandsoundit.co.uk</a>> је написао/ла:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
My connections from Endian -> Libre drop every week (I think when the<br>
logs rotate and some services restart)<br>
<br>
I has been suggested by Endian (using Strongswan) that apparently I<br>
should set 'reauth' in my Libreswan setup.<br>
<br>
However, I cannot see that as an option in the man page?<br>
<br>
Oddly enough I noticed while messing about that if I add it to the<br>
ipsec.conf file it passes muster with ipsec verify !!<br>
<br>
grep reauth /etc/ipsec.d/ipsec.conf<br>
    reauth=yes<br>
<br>
ipsec verify<br>
Verifying installed system and configuration files<br>
<br>
Version check and ipsec on-path                         [OK]<br>
Libreswan 3.29 (netkey) on 2.6.32-754.18.2.el6.x86_64<br>
Checking for IPsec support in kernel                    [OK]<br>
 NETKEY: Testing XFRM related proc values<br>
         ICMP default/send_redirects                    [OK]<br>
         ICMP default/accept_redirects                  [OK]<br>
         XFRM larval drop                               [OK]<br>
Pluto ipsec.conf syntax                                 [OK]<br>
Blah....<br>
<br>
Any suggestions?<br>
<br>
B. Rgds<br>
John<br>
_______________________________________________<br>
Swan mailing list<br>
<a href="mailto:Swan@lists.libreswan.org" target="_blank">Swan@lists.libreswan.org</a><br>
<a href="https://lists.libreswan.org/mailman/listinfo/swan" rel="noreferrer" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan</a><br>
</blockquote></div></div>