[strongSwan] Pluto clears SAD and SPD on exit

Andreas Steffen andreas.steffen at strongswan.org
Mon Nov 8 21:13:33 CET 2010


Hi Vladimir,

pluto has been rather ruthless concerning the flushing of all
XFRM policies and states from the very beginning, because the daemon
is not able to keep a total track of its own IPsec policies and security
associations. If you want to disable the flushing you can remove
the starter_netkey_cleanup() call in starter.c (implemented in
starter/netkey.c):

http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/starter/starter.c;h=c3ba54f1d3a52c90382d6951c5e22b105fbfb64c;hb=HEAD#l430

Regards

Andreas

On 08.11.2010 19:00, Владимир Подобаев wrote:
> Hello.
>  
> We are using IKEv1 and we also install some of our own xfrm policies and states (not
> related to pluto). When pluto finishes - it clears not only its own SAs and
> SPs, but ours also. 
> Is it possible to force Pluto not to clear foreign policies on exit? 
> Or can you show us where we should patch the Pluto code? At first glance we
> couldn't find where Pluto flushes all policies and states. Maybe somehow
> it thinks the foreign policies to be its own and clears them by mistake?
> To reproduce the situation we've added our policies, then started pluto
> (without any connections), then shut down pluto. And all our policies and SAs
> were wiped out.
>  
> Great thanks in advance!
>  
> Best regards, Vladimir

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
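
The following is an added example, not part of the original mail or of strongSwan's code: a check that compares `ip xfrm policy` snapshots taken before and after the daemon stops and reports which non-daemon policies disappeared. It assumes the operator's own tool tags its policies with a known reqid (100 here); the snapshot text, addresses and reqids are constructed sample data, and `parse_policies` / `missing_foreign` are hypothetical helper names.

```python
import re

# Constructed `ip xfrm policy` snapshots (documentation address ranges).
BEFORE = (
    "src 192.0.2.0/24 dst 198.51.100.0/24 \n"
    "\tdir out priority 2000 ptype main \n"
    "\ttmpl src 203.0.113.1 dst 203.0.113.2\n"
    "\t\tproto esp reqid 100 mode tunnel\n"      # operator's own policy
    "src 10.1.0.0/16 dst 10.2.0.0/16 \n"
    "\tdir out priority 1859 ptype main \n"
    "\ttmpl src 203.0.113.1 dst 203.0.113.9\n"
    "\t\tproto esp reqid 16384 mode tunnel\n"    # daemon-installed policy
)
AFTER_FLUSH = ""                                  # everything flushed on exit
AFTER_PATCHED = "\n".join(BEFORE.splitlines()[:4]) + "\n"  # only ours left

HEADER = re.compile(r"^src (\S+) dst (\S+)")

def parse_policies(text):
    """Map (src, dst, dir) -> reqid for each policy in `ip xfrm policy` text."""
    blocks = []
    for line in text.splitlines():
        if line.startswith("src "):        # unindented selector starts a policy
            blocks.append([line])
        elif blocks and line.strip():      # indented lines belong to it
            blocks[-1].append(line)
    policies = {}
    for block in blocks:
        head = HEADER.match(block[0])
        if not head:
            continue
        body = " ".join(block[1:])
        direction = re.search(r"\bdir (\w+)", body)
        reqid = re.search(r"\breqid (\d+)", body)
        key = (head.group(1), head.group(2),
               direction.group(1) if direction else "?")
        policies[key] = int(reqid.group(1)) if reqid else None
    return policies

def missing_foreign(before, after, foreign_reqids):
    """Policies tagged with one of our reqids that vanished between snapshots."""
    old, new = parse_policies(before), parse_policies(after)
    return sorted(k for k, reqid in old.items()
                  if reqid in foreign_reqids and k not in new)

if __name__ == "__main__":
    for name, snap in (("flush", AFTER_FLUSH), ("patched", AFTER_PATCHED)):
        print(name, missing_foreign(BEFORE, snap, {100}))
```

On a live host the two snapshots would come from running `ip xfrm policy` as root before starting and after stopping the daemon.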



