[strongSwan] restart action on redundant CHILD_SAs

Stephen Pisano pisano at alcatel-lucent.com
Tue Aug 23 23:05:11 CEST 2011


We have found a message sequencing error scenario which yields
unexpected/undesirable behavior:

1. An established IKE_SA has an established CHILD_SA, with a non-strongSwan
2. During rekeying, at the point there are two established CHILD_SAs, the
old and the new CHILD_SAs, a request is received from the peer to DELETE the
3. Our strongSwan is configured to automatically restart.
4. It dutifully restarts the IKE_SA and CHILD_SAs that currently exist, even
though the old one is an artifact of an incomplete rekey sequence.

Do you agree this is an issue?

Some thoughts on fixing it:

Inspiration comes from a fix for a similar issue:


Where a CHILD_SA's close action was "adjusted" so that it is not recreated
upon restart.  

In our error scenario, could this same technique be used on the "Old" SA
(the one being rekeyed) to prevent a restart action on it?

That is when a new SA is created for a policy, the old SA's action (for the
same policy) would be set to "NONE".

What do you think?


More information about the Users mailing list