[strongSwan-dev] [PATCH] starter: cleanup SAs when deleting a connection
christophe.gouault at 6wind.com
Wed Feb 25 10:57:58 CET 2015
2015-02-23 18:23 GMT+01:00 Christophe Gouault <christophe.gouault at 6wind.com>:
> Hello Emeric,
> 2015-02-20 18:10 GMT+01:00 Emeric POUPON <emeric.poupon at stormshield.eu>:
>> Unfortunately, I am facing an issue with this patch.
>> For example, we may want to update the configuration file since the remote host's IP address has changed.
>> When charon receives the terminate stroke message, it sends the DELETE message but it may take minutes before giving up if the remote host is down!
> Indeed, if the peer does not respond, the actual tear down of the
> connection will last until the timeout is reached, but as far as I
> know, this does not prevent completing the cleanup and applying
> the new configuration.
>> Therefore the new configuration may be applied several minutes later, which is quite unexpected.
>> What do you think?
> Well, I think the new conf can be used immediately (the old connection
> will just survive for a while until the timeout is reached). I'll try
> to do a little test.
After testing, I confirm the problem you describe: the unsuccessful
sending of a delete message delays the cleanup and applying of the new
This patch obviously needs some rework. Thanks for raising the issue.