[strongSwan] connection disappeared from ipsec statusall

Felix Shao sevenever at gmail.com
Wed Sep 21 10:17:32 CEST 2011


Hi,
I have two conns defined with the same IP address pair; they are shown in
"ipsec statusall" as "parent and child".
If I remove the "parent" (2.conn) and call an ipsec update, the "child" also
disappears.
I need to restart the ipsec server to let the "child" (1.conn) show again...

However, if I just remove the "child", the parent is still present in "ipsec
statusall".

StrongSwan version: 4.5.0

Below is my test:

root@myserver:/etc/ipsec.d/conns# cat 1.conn 2.conn

conn 1
        authby=psk
        auto=add
        left=10.2.2.2
        right=10.2.2.1
        type=tunnel
        keyexchange=ikev2
        esp=aes128-sha256

conn 2
        authby=psk
        auto=add
        left=10.2.2.2
        right=10.2.2.1
        type=tunnel
        keyexchange=ikev2
        esp=aes128-sha256

root@myserver:/etc/ipsec.d/conns# ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.0):
  uptime: 4 minutes, since Sep 21 16:01:37 2011
  malloc: sbrk 262144, mmap 0, used 125824, free 136320
  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509
revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac
ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown
eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-tnc
dhcp led addrblock
Listening IP addresses:
  10.2.2.2
Connections:
           2:  10.2.2.2...10.2.2.1
           2:   local:  [10.2.2.2] uses pre-shared key authentication
           2:   remote: [10.2.2.1] uses any authentication
           2:   child:  dynamic === dynamic
           1:   child:  dynamic === dynamic
Security Associations:
  none

root@myserver:/etc/ipsec.d/conns# rm 2.conn

root@myserver:/etc/ipsec.d/conns# ipsec update
Updating strongSwan IPsec configuration...
root@myserver:/etc/ipsec.d/conns# ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.0):
  uptime: 4 minutes, since Sep 21 16:01:36 2011
  malloc: sbrk 258048, mmap 0, used 116552, free 141496
  worker threads: 6 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509
revocation pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac
ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown
eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-tnc
dhcp led addrblock
Listening IP addresses:
  10.2.2.2
Connections:
Security Associations:
  none

Is this a known issue of strongSwan, or does it just work as designed?

Thank you!
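
A pre-removal check for the situation reported above, as an added example that is not part of the original post and not strongSwan code: it parses ipsec.conf-style conn sections and lists the other conns that share the left/right address pair of the conn about to be deleted, so they can be verified in "ipsec statusall" after "ipsec update". Assumptions: conns are grouped by left/right only (the "same IP address pair" the post describes), `also=`, `%default` and include handling are left out, and all function names are hypothetical.

```python
import re

# Constructed sample: conn 1 and conn 2 use the address pair from the post
# (other options omitted); conn 3 is made up for contrast.
SAMPLE = """\
conn 1
        left=10.2.2.2
        right=10.2.2.1

conn 2
        left=10.2.2.2
        right=10.2.2.1

conn 3
        left=10.2.2.2
        right=10.2.2.9
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # some other section (config setup, ca ...)
    return conns

def pair_of(opts):
    """(left, right) of a conn; an entry is None when the option is unset."""
    return (opts.get("left"), opts.get("right"))

def shared_pairs(conns):
    """Address pairs used by more than one conn, with the conn names."""
    groups = {}
    for name, opts in conns.items():
        if None not in pair_of(opts):
            groups.setdefault(pair_of(opts), []).append(name)
    return {p: names for p, names in groups.items() if len(names) > 1}

def affected_by_removal(conns, name):
    """Other conns sharing the address pair of the conn to be removed."""
    pair = pair_of(conns[name])
    return sorted(n for n, o in conns.items()
                  if n != name and None not in pair and pair_of(o) == pair)
```

Calling `affected_by_removal(parse_conns(text), "2")` on the concatenated conn files before deleting 2.conn names the conns to look for in the "Connections:" list afterwards.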