[strongSwan] Running dual instances of strongswan

Tobias Brunner tobias at strongswan.org
Mon Sep 10 13:22:32 CEST 2012

Hi Terry,

> I have 2 instances of strongswan running.

What exactly is the reason for this?

Did you patch one instance to use a different range for its reqids?  As
these are used to connect policies with SAs in the kernel you will
eventually run into problems if you didn't.

> After I removed the SA deletion
> code from one, the other tunnel remains up.
> I wonder if this is a good workaround.  Are there any resources leaked
> if starter does not delete SAs when exiting?

starter flushes SAs and policies mainly to clean up in case the daemon
has crashed (so that a proper restart is possible as especially the
policies couldn't be installed otherwise).  But there should not be any
resource leaks if starter does not do this; the daemon should clean up
properly after itself when terminating.

> Will it reuse those same SAs when it comes back up?

No, that it won't do.  The daemon also assumes that it has full control
over the kernel, that is, if both instances tried to install the same
policies you'd have a conflict that the daemon currently can't resolve.
The same applies after it crashed and old policies were still installed
in the kernel.
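
The following is an added example, not part of the original message and not strongSwan code: a check for the reqid overlap described above, run over the text that `ip xfrm state` prints. It assumes each tunnel gets its own reqid, so one reqid on SAs of more than one peer pair points to two owners; the sample output and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip xfrm state` output (not taken from the thread).
# reqid 1 appears on SAs for two different peers, as happens when two
# daemons each start numbering their reqids from the same value.
SAMPLE_XFRM_STATE = """\
src 192.0.2.1 dst 198.51.100.7
\tproto esp spi 0xc1a2b3c4 reqid 1 mode tunnel
src 198.51.100.7 dst 192.0.2.1
\tproto esp spi 0xc5d6e7f8 reqid 1 mode tunnel
src 192.0.2.1 dst 203.0.113.9
\tproto esp spi 0xc9aabbcc reqid 1 mode tunnel
src 203.0.113.9 dst 192.0.2.1
\tproto esp spi 0xcddeeff0 reqid 1 mode tunnel
src 192.0.2.1 dst 203.0.113.20
\tproto esp spi 0xc0112233 reqid 2 mode tunnel
src 203.0.113.20 dst 192.0.2.1
\tproto esp spi 0xc4556677 reqid 2 mode tunnel
"""

HEADER = re.compile(r"^src (\S+) dst (\S+)")
DETAIL = re.compile(r"^\s+proto \S+ spi (0x[0-9a-f]+) reqid (\d+)")

def reqid_usage(xfrm_state_text):
    """Map each reqid to the peer pairs (direction ignored) whose SAs carry it."""
    usage = defaultdict(lambda: defaultdict(list))
    pair = None
    for line in xfrm_state_text.splitlines():
        header = HEADER.match(line)
        if header:
            pair = tuple(sorted(header.groups()))  # in/out SAs share one key
            continue
        detail = DETAIL.match(line)
        if detail and pair is not None:
            usage[int(detail.group(2))][pair].append(detail.group(1))
    return usage

def colliding_reqids(xfrm_state_text):
    """Return {reqid: {peer_pair: [spi, ...]}} for reqids seen on >1 peer pair."""
    usage = reqid_usage(xfrm_state_text)
    return {reqid: dict(pairs)
            for reqid, pairs in usage.items() if len(pairs) > 1}

if __name__ == "__main__":
    for reqid, pairs in sorted(colliding_reqids(SAMPLE_XFRM_STATE).items()):
        print(f"reqid {reqid} is shared by {len(pairs)} peer pairs:")
        for peers, spis in sorted(pairs.items()):
            print(f"  {peers[0]} <-> {peers[1]}  SPIs {', '.join(spis)}")
```

Two instances that use the same reqid towards the same peer are not caught by this heuristic, since the kernel output carries no indication of which daemon installed an SA.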


