[strongSwan] charon and ipsec down name

Wolfgang Walter wolfgang.walter at stwm.de
Thu Nov 11 20:15:30 CET 2010


I use strongswan 4.4.1.

The manual says that

	 ipsec down <name>

will terminate connection <name>.

This is not really true with charon:

If there are serveral connections between two routers, then
ipsec down <name> does nothing if <name> uses the IKE SA of another connection 
or kills all this and all other connections which also the IKE SA of <name>.

I think it would be better if charon behaved like that:

ipsec down <name>{*}
and for every IKE SA <name>[<n>] which has no other childs
ipsec down <name>[<n>]

Or the documentation is changed.

Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts

More information about the Users mailing list