[strongSwan] Pluto clears SAD and SPD on exit
andreas.steffen at strongswan.org
Mon Nov 8 21:13:33 CET 2010
pluto has been rather ruthless concerning the flushing of all
XFRM policies and states from the very beginning, because the daemon
is not able to keep a total track of its own IPsec policies and security
associations. If you want to disable the flushing you can remove
the starter_netkey_cleanup() call in starter.c (implemented in
On 08.11.2010 19:00, Владимир Подобаев wrote:
> We are using IKEv1 and also we install some our xfrm policies and states (not
> related to pluto). When pluto finishes - it clears not only its own SAs and
> SPs, but ours also.
> Is it possible to force Pluto not to clear foreign policies on exit?
> Or can you show us where we should patch the Pluto code? On first glance we
> couldn't find where Pluto flushes all policies and states. Maybe somehow
> it thinks the foreign policies to be its own and clears them by mistake?
> To reproduce the situation we've added our policies, then started pluto
> (without any connections), then shut down pluto. And all our policies and SAs
> were wiped out.
> Great thanks in advance!
> Best regards, Vladimir
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users