<div dir="ltr">
















<p class="MsoNormal"><span style="font-size:11pt">Hi,</span></p><p class="MsoNormal"><br></p><p class="MsoNormal"><span style="font-size:11pt"><br></span></p><p class="MsoNormal"><span style="font-size:11pt">Setup Details:<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span>============= </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Host1         ======================                   Host2<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">[auto=add]                                                              
[auto=start]<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p><p class="MsoNormal"><span style="font-size:11pt"><span><br></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Both hosts are Ubuntu machines.
Intentionally configured auto=add on Host1, because I do not want any
initiation request from Host1.<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">When I enable(start) ipsec on
Host2, IKE and CHILD_SA established between Host1 and Host2.<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Then, did “ipsec stop” and “ipsec
start” on Host1, when ipsec stop is executed, DELETE payload was sent to Host2,
and Host2 deleted IKE and CHILD SA.<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">As auto=add is configured on
Host1, no negotiation is started from Host1 , and Host2 flushed its SAs, it
also did not start the negotiation. <span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Tried closeaction, but for
every rekey , upon deletion of closing old SA, new SA is getting triggered.
With shorter lifetimes, there are frequent SAs getting created.<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Is there any other option in
strongswan to restart one new  negotiation when Delete Payload is received?<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Thanks for the help.<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">-Bhargav<span></span></span></p>

<div><br></div><div><br></div><div><br clear="all"><div><br></div><br><div class="gmail_signature"><div><font color="#282828" size="2" face="Calibri"><span style="color:rgb(40,40,40);font-size:11pt"></span></font></div></div>
</div></div>