[strongSwan-dev] [PATCH] starter: cleanup SAs when deleting a connection
Christophe Gouault
christophe.gouault at 6wind.com
Mon Feb 23 18:23:09 CET 2015
Hello Emeric,
2015-02-20 18:10 GMT+01:00 Emeric POUPON <emeric.poupon at stormshield.eu>:
> Hello,
>
> Unfortunately, I am facing an issue with this patch.
> For example, we may want to update the configuration file since the remote host's IP address has changed.
> When charon receives the terminate stroke message, it sends the DELETE message but it may take minutes before giving up if the remote host is down!
Indeed, if the peer does not respond, the actual tear down of the
connection will last until the timeout is reached, but as far as I
know, this does not prevent from completing the cleanup and applying
the new configuration.
> Therefore the new configuration may be applied several minutes later, which is quite unexpected.
>
> What do you think?
Well, I think the new conf can be used immediately (the old connection
will just survive for a while until the timeout is reached). I'll try
to do a little test.
Best Regards,
Christophe
More information about the Dev
mailing list