Netgate Discussion Forum

    New advanced setting required for StrongSwan 5.3 [RFC7296]

      MrMoo

      Duplicate question: 2.2.2 Make-before-Break (https://forum.pfsense.org/index.php?topic=92453.0)
      With the 5.3.0 release:

      Added support for IKEv2 make-before-break reauthentication. By using a global
      CHILD_SA reqid allocation mechanism, charon supports overlapping CHILD_SAs.
      This allows the use of make-before-break instead of the previously supported
      break-before-make reauthentication, avoiding connectivity gaps during that
      procedure. As the new mechanism may fail with peers not supporting it (such
      as any previous strongSwan release) it must be explicitly enabled using
      the charon.make_before_break strongswan.conf option.

      https://wiki.strongswan.org/projects/1/wiki/StrongswanConf

      Alas, support cannot be toggled per connection.

      Here is a related bug report of interest for interop support:

      https://wiki.strongswan.org/issues/857

        doktornotor Banned

        Already there with 2.2.3 snapshots.

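The release note quoted in the first post, turned into a pre-change check (an added example, not code from the thread, pfSense or strongSwan): it resolves the global `charon.make_before_break` option from strongswan.conf text and flags a strongSwan peer older than 5.3.0. The function names, the sample config and the one-item-per-line parsing are assumptions made for this sketch.

```python
import re

# Constructed sample strongswan.conf text (not from the thread).
SAMPLE_CONF = """
charon {
    threads = 16
    make_before_break = yes   # global: applies to every connection
}
"""

def parse_conf(text):
    """Parse nested 'name { key = value }' sections, one item per line."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        section = re.fullmatch(r"([\w.-]+)\s*\{", line)
        if section:
            stack.append(stack[-1].setdefault(section.group(1), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip().strip('"')
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return root

def get_option(conf, dotted, default=None):
    """Resolve dotted notation such as 'charon.make_before_break'."""
    node = conf
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

def make_before_break_enabled(text):
    # Treated as off unless explicitly enabled, per the quoted release note.
    value = get_option(parse_conf(text), "charon.make_before_break", "no")
    return str(value).lower() in ("yes", "true", "enabled", "1")

def reauth_interop_risk(conf_text, peer_version):
    # Assumes a strongSwan peer with a purely numeric dotted version string.
    parts = [int(p) for p in peer_version.split(".")] + [0, 0]
    return make_before_break_enabled(conf_text) and tuple(parts[:3]) < (5, 3, 0)
```

Because the option lives in the global `charon` section, a single pre-5.3.0 peer is enough for the check to return `True` for the whole gateway.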
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.