[strongSwan] The duplicate IKE tunnel is not deleted because of DPD action.

Wed Nov 16 13:24:37 CET 2011

hi all,
       Is it right that the duplicate IKE tunnel is not deleted because the
older tunnel is running DPD detecting.
       I am running strongswan-4.5.2 and using IKEv2 with DPD in the
following scenario:
       http://www.strongswan.org/uml-testresults.html

       I follow these steps:
       1. Carol establishes a ipsec tunnel with moon.
       2. Carol shutdown the eth0 with the command ifdown
       3. Carol run 'ipsec resstart'
       4. Carol establishes a ipsec tunnel with moon again.
       Then I can see two IKE tunnel in the 'ipsec statusall', and the
older one is running DPD detecting. I can see "deleting duplicate
tunnel....." in /var/log/messages but the older tunnel is not deleted
immediately.

       Is it right or am I missing so meting in the strongwan configure
file?
       And it is a way to delete the older tunnel immediately with  DPD ?

best regards,
nanajian5
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20111116/f98faab5/attachment.html>