[strongSwan] Charon: Limit the Number of SAs that can be created with same Traffic Selectors

Andreas Steffen andreas.steffen at strongswan.org
Tue Dec 7 11:50:40 CET 2010


No, I cannot identify the individual patches anymore.
If possible, upgrade to 4.5.0 or 4.4.1.

Regards

Andreas

On 07.12.2010 07:15, Sajal Malhotra wrote:
> Hi Andreas,
>  
> Thanks for the prompt response.
> We are using a pretty old version 4.2.8 :(
> Do you have any patch available for this fix? Or can you just hint us on
> the source code files where we can look for the change?
> It would be a great help.
>  
>  
> Thanks and Regards
> Sajal Malhotra
> 
> 
>  
> On Mon, Dec 6, 2010 at 6:06 PM, Andreas Steffen
> <andreas.steffen at strongswan.org>
> wrote:
> 
>     Hi Sajal,
> 
>     which strongSwan version are you using? We had some rekeying
>     problems in the past, where multiple IKE and CHILD SAs were
>     established over time. In newer versions though, usually only
>     one SA with a given traffic selector is installed or there
>     might be at the most two IKE_SAs and corresponding CHILD_SAs
>     if both sides initiate simultaneously with auto=start.
> 
>     Regards
> 
>     Andreas
> 
>     On 06.12.2010 12:21, Sajal Malhotra wrote:
>     > Hi,
>     >
>     > I am using Strongswan Charon (IKEv2) stack. Just wanted to know if there
>     > is *any limit* that we can put on the number of CHILD SAs that can be
>     > created using the *same Traffic Selectors.*
>     > Actually I have a limited memory in my system and hence cannot afford to
>     > have uncountable SAs being created with same TS.
>     >
>     > Also, what is the handling done by charon if the kernel returns failure
>     > because it is unable to install SAD or SPD due to insufficient memory
>     > space?
>     >
>     > Is there a way to stop charon from creating multiple CHILD SA with same TS?
>     >
>     > Thanks and Regards
>     > Sajal

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==



