[strongSwan-dev] [PATCH] starter: cleanup SAs when deleting a connection

Christophe Gouault christophe.gouault at 6wind.com
Wed Feb 25 10:57:58 CET 2015


2015-02-23 18:23 GMT+01:00 Christophe Gouault <christophe.gouault at 6wind.com>:
> Hello Emeric,
>
> 2015-02-20 18:10 GMT+01:00 Emeric POUPON <emeric.poupon at stormshield.eu>:
>> Hello,
>>
>> Unfortunately, I am facing an issue with this patch.
>> For example, we may want to update the configuration file since the remote host's IP address has changed.
>> When charon receives the terminate stroke message, it sends the DELETE message but it may take minutes before giving up if the remote host is down!
>
> Indeed, if the peer does not respond, the actual teardown of the
> connection will last until the timeout is reached, but as far as I
> know, this does not prevent completing the cleanup and applying
> the new configuration.
>
>> Therefore the new configuration may be applied several minutes later, which is quite unexpected.
>>
>> What do you think?
>
> Well, I think the new conf can be used immediately (the old connection
> will just survive for a while until the timeout is reached). I'll try
> to do a little test.

Hello Emeric,

After testing, I confirm the problem you describe: the unsuccessful
sending of a delete message delays the cleanup and the application of
the new conf.

This patch obviously needs some rework. Thanks for raising the issue.

Best Regards,
Christophe

