Comment 4 for bug 1979044

Hi there,

Sorry for replying late.
Basically, my problem was the VPN connection problem with the Juniper devices.
Strongswan wants to call rekey job for CHILD_SA every 20 minutes after connection starts. The problem occurs when strongswan call rekey job for CHILD_SA. The connection is active. But there is no traffic (ping or mtr). In different tests, the rekey=no option was solving the problem. However, as I mentioned in the Description, this cannot be a default option between two openstack private networks.

After reporting the problem to you, I continued my investigations. I kept trying different ipsec parameters. I was using IKEv2 when this issue occurred. The same problem did not occur when I used IKEv1.

My conclusion is that Juniper devices and strongswan (just with multi-subnets or Traffic-selectors) do not agree with the IKEv2 protocol.

Ref: https://wiki.strongswan.org/issues/945
I'm sorry if I took up your precious time.