<div dir="ltr">Hi,<div><br></div><div>Can someone please reply to below query.</div><div><br></div><div>Thanks for the help.</div><div><br></div><div>-Bhargav</div><div><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">bhargav p</b> <span dir="ltr"><<a href="mailto:bhargav.1226@gmail.com">bhargav.1226@gmail.com</a>></span><br>Date: Wed, Aug 23, 2017 at 10:01 AM<br>Subject: Help needed for problem when auto= add configured.<br>To: <a href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a><br><br><br><div dir="ltr">

<p class="MsoNormal"><span style="font-size:11pt">Hi,</span></p><p class="MsoNormal"><br></p><p class="MsoNormal"><span style="font-size:11pt"><br></span></p><p class="MsoNormal"><span style="font-size:11pt">Setup Details:<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span>============= </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Host1         ======================        <wbr>           Host2<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">[auto=add]                    <wbr>                              <wbr>            

[auto=start]<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p><p class="MsoNormal"><span style="font-size:11pt"><span><br></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Both hosts are Ubuntu machines.

Intentionally configured auto=add on Host1, because I do not want any

initiation request from Host1.<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">When I enable(start) ipsec on

Host2, IKE and CHILD_SA established between Host1 and Host2.<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Then, did “ipsec stop” and “ipsec

start” on Host1, when ipsec stop is executed, DELETE payload was sent to Host2,

and Host2 deleted IKE and CHILD SA.<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">As auto=add is configured on

Host1, no negotiation is started from Host1 , and Host2 flushed its SAs, it

also did not start the negotiation. <span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Tried closeaction, but for

every rekey , upon deletion of closing old SA, new SA is getting triggered.

With shorter lifetimes, there are frequent SAs getting created.<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Is there any other option in

strongswan to restart one new  negotiation when Delete Payload is received?<span></span></span></p>

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">Thanks for the help.<span class="HOEnZb"><font color="#888888"><span></span></font></span></span></p><span class="HOEnZb"><font color="#888888">

<p class="MsoNormal"><span style="font-size:11pt"><span> </span></span></p>

<p class="MsoNormal"><span style="font-size:11pt">-Bhargav<span></span></span></p>

<div><br></div><div><br></div><div><br clear="all"><div><br></div><br><div class="m_2147031070343468860gmail_signature"><div><font color="#282828" size="2" face="Calibri"><span style="color:rgb(40,40,40);font-size:11pt"></span></font></div></div>

</div></font></span></div>

</div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><font color="#282828" face="Trebuchet MS">Regards</font> 

<p><font face="Arial"><span style="color:#282828;font-size:10pt">_______________________________________________</span></font><font color="#339966" size="1" face="Arial"><span style="color:#339966;font-size:8pt"></span></font></p>

<div><font color="#282828" size="2" face="Calibri"><span style="color:#282828;font-size:10pt">Puvvada Bhargav</span></font></div>

<div><font color="#282828" size="2" face="Calibri"><span style="color:#282828;font-size:10pt"></span></font><font color="#282828" size="2" face="Calibri"><span style="color:#282828;font-size:10pt"></span></font><font color="#282828" size="1" face="Calibri"><span style="color:#282828;font-size:8pt">R&D Engineer <font size="2">| NOKIA SIEMENS NETWORKS<b><font color="navy" face="Calibri"><span style="color:navy;font-size:10pt;font-weight:bold"> India</span></font></b><font color="#282828" face="Calibri"><span style="color:#282828;font-size:10pt"> | Bangalore</span></font></font></span></font></div>

<div><font color="#282828" size="1" face="Calibri"><span style="color:#282828;font-size:8pt"> </span></font><font color="#282828" size="1" face="Calibri"><span style="color:#282828;font-size:8pt">Mob. + 919741040458</span></font><font color="#282828" size="2" face="Calibri"><span style="color:#282828;font-size:11pt"> </span></font></div>

<div><font color="#282828" size="2" face="Calibri"><span style="color:#282828;font-size:11pt"><a href="mailto:puvvada.bhargav@nsn.com" target="_blank">puvvada.bhargav@nsn.com</a></span></font></div></div>

</div></div>