[strongSwan-dev] [strongSwan] Roadwarrior connected but ipsec status shows: UPDATING, TUNNEL

Harry Stark stark.harry at yahoo.co.uk
Fri May 9 09:43:20 CEST 2014


Thanks for the reply.  

I'm running:
Linux strongSwan U5.1.3/K2.6.32-358.11.1.el6.x86_64


On
Centos 6 with:
2.6.32-358.11.1.el6.x86_64


H.
On Friday, 9 May 2014, 7:58, Martin Willi <martin at strongswan.org> wrote:
 
Harry,

> User is using a iPhone 5s. [...] Later on that day they connect again
> (Whilst on a 4g connection).

> It now shows:
>   UPDATING, TUNNEL
> 
> I can't find any documentation on this status, can any one help?

A CHILD_SA is in UPDATING state if the daemon tries to update endpoint
addresses after one of the attachment points have changed. Seems that
there is some SA update involved, but not sure if that works with iOS.
As always, your log output could help to see what is going on.

This state should not be persistent; it should be restored after the
update completes (or fails). There is a bug which prevents to restore
state if updating the CHILD_SA is not supported. I've addressed it with
[1], you may try to apply that patch.

So the question is, why is the update failing? What is your strongSwan
version, and what kernel backend on which OS do you have in use?

Regards
Martin


[1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=b1b01840
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140509/ebd3559f/attachment.html>


More information about the Dev mailing list