[strongSwan] Charon: Limit the Number of SAs that can be created with same Traffic Selectors

Sajal Malhotra sajalmalhotra at gmail.com
Tue Dec 7 07:15:38 CET 2010 

Hi Andreas,

Thanks for the prompt response.
We are using a pretty old version 4.2.8 :(
Do you have any patch available for this fix. Or can you just hint us on the
source code files where we can look for the change.
It would be a great help.


Thanks and Regards
Sajal Malhotra



On Mon, Dec 6, 2010 at 6:06 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Sajal,
>
> which strongSwan version are you using? We had some rekeying
> problems in the past, where multiple IKE and CHILD SAs were
> established over time. In newer version though, usually only
> one SA with a given traffic selector is installed or there
> might be at the most two IKE_SAs and corresponding CHILD_SAs
> if both sides initiate simultaneously with auto=start.
>
> Regards
>
> Andreas
>
> On 06.12.2010 12:21, Sajal Malhotra wrote:
> > Hi,
> >
> > I am using Strongswan Charon (IKEv2) stack. Just wanted to know if there
> > is *any limit *that we can put on the number of CHILD SAs that can be
> > created using the *same Traffic Selectors.*
> > Actually I have a limited memory in my system and hence cannot afford to
> > have uncountable SAs being created with same TS.
> >
> > Also, what is the handling done by charon if the kernel returns failure
> > because it is unable to install SAD or SPD due to insufficient  memory
> > space.
> >
> > Is there a way to stop charon from creating multiple CHILD SA with same
> TS
> >
> > Thanks and Regards
> > Sajal
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101207/e372b3b0/attachment.html>

More information about the Users mailing list