[strongSwan-dev] How do I properly cleanup all existing tunnel state?

Ruel, Ryan rruel at akamai.com
Sat Jul 4 14:16:05 CEST 2015

I’m working on a custom plug-in which involves communicating tunnel state (SA’s and policies) to an external IPsec stack.

I’d like to implement a recovery mechanism such that if the external stack should restart, charon will simply flush all existing tunnel state.

I have tried the following:


And this seems to flush out all existing SA’s and policies, which is what I want.  Unfortunately, after I issue this call, I can no longer establish new tunnels to strongSwan (it receives IKE messages, but doesn’t seem to generate any responses).  I then need to restart the process.

Is there something else I need to flush in order to restore charon to a clean state?  Or would just aborting the process and letting starter restart it be a better cleanup approach?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20150704/cc6789b7/attachment.html>

More information about the Dev mailing list