[strongSwan] IKE_SA gets deleted with no recovery after NTP update
martin at strongswan.org
Fri Mar 11 08:56:39 CET 2011
> We rely on the system time to be correct.
Depends on how strongSwan is built. If your system provides a monotonic
time source and compatible pthread_condvars, we use it. This is checked
during ./configure, checking for
or alternatively for
If such condvars are available, we use always increasing never jumping
time source, and system time changes shouldn't affect rekeying or other
> after the rekey, Strong Swan deletes the IKE_SA but does not re-try to
> create the IKE_SA
If you don't have such a condvar, large time shifts may trigger soft and
hard timeouts simultaneously, resulting in a hard timeout.
More information about the Users