[strongSwan] charon and ipsec down name

Andreas Steffen andreas.steffen at strongswan.org
Thu Nov 11 20:49:32 CET 2010

Hello Wolfgang,

please have a look at our HOWTO which explains how you can take
down individual instances of IKE_SAs and CHILD_SAs:




On 11/11/2010 08:15 PM, Wolfgang Walter wrote:
> Hello,
> I use strongswan 4.4.1.
> The manual says that
> 	 ipsec down <name>
> will terminate connection <name>.
> This is not really true with charon:
> If there are serveral connections between two routers, then
> ipsec down <name> does nothing if <name> uses the IKE SA of another connection 
> or kills all this and all other connections which also the IKE SA of <name>.
> I think it would be better if charon behaved like that:
> ipsec down <name>{*}
> and for every IKE SA <name>[<n>] which has no other childs
> ipsec down <name>[<n>]
> Or the documentation is changed.
> Regards

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list