[strongSwan] charon and ipsec down name
Andreas Steffen
andreas.steffen at strongswan.org
Thu Nov 11 20:49:32 CET 2010
Hello Wolfgang,
please have a look at our HOWTO which explains how you can take
down individual instances of IKE_SAs and CHILD_SAs:
http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand
Regards
Andreas
On 11/11/2010 08:15 PM, Wolfgang Walter wrote:
> Hello,
>
> I use strongswan 4.4.1.
>
> The manual says that
>
> ipsec down <name>
>
> will terminate connection <name>.
>
> This is not really true with charon:
>
> If there are serveral connections between two routers, then
> ipsec down <name> does nothing if <name> uses the IKE SA of another connection
> or kills all this and all other connections which also the IKE SA of <name>.
>
> I think it would be better if charon behaved like that:
>
> ipsec down <name>{*}
> and for every IKE SA <name>[<n>] which has no other childs
> ipsec down <name>[<n>]
>
> Or the documentation is changed.
>
> Regards
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list