VPN Site to Site with StrongSwan fails
Symptoms
  • VPN Site To Site with StrongSwan (mobile router using Linux with IPSec implementation) fails.
  • Unstable VPN connection between the VPN peers.
  • Security Gateway not able to create new keys with StrongSwan.
Cause

A known issue in StrongSwan causes it to store (and use) only keys that are re-keys of existing keys.

In some scenarios, the StrongSwan peer itself starts a new Phase 2 exchange but never stores the exchanged keys, because they are not re-keys of an existing key. As a result, we are not able to decrypt the traffic encrypted with the new keys.


Solution