[strongSwan-dev] How do I properly cleanup all existing tunnel state?
Ruel, Ryan
rruel at akamai.com
Sat Jul 4 14:16:05 CEST 2015
I’m working on a custom plug-in which involves communicating tunnel state (SA’s and policies) to an external IPsec stack.
I’d like to implement a recovery mechanism such that if the external stack should restart, charon will simply flush all existing tunnel state.
I have tried the following:
charon->ike_sa_manager->flush(charon->ike_sa_manager);
And this seems to flush out all existing SA’s and policies, which is what I want. Unfortunately, after I issue this call, I can no longer establish new tunnels to strongSwan (it receives IKE messages, but doesn’t seem to generate any responses). I then need to restart the process.
Is there something else I need to flush in order to restore charon to a clean state? Or would just aborting the process and letting starter restart it be a better cleanup approach?
Thanks!
/Ry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20150704/cc6789b7/attachment.html>
More information about the Dev
mailing list