strongSwan KVM Tests / ikev2 / reauth-late
Test ikev2/reauth-late
Description
This scenario tests repeated authentication according to RFC 4478. The initiator carol sets a short reauth_time=20s but the responder moon defining a much larger reauth_time=60m proposes this value via an AUTH_LIFETIME notification to the initiator as it can't initiate the reauthentication itself due to the virtual IP address. The initiator ignores this notification and schedules the IKE reauthentication at its configured time. A ping from carol to client alice hiding in the subnet behind moon tests if the CHILD_SA has been recreated under the new IKE_SA.