[strongSwan] issue when configuring dpdaction=restart in ipsec.conf
Tobias Brunner
tobias at strongswan.org
Tue Feb 12 09:07:15 CET 2013
Hi Bhargav,
> Because of new child_sa getting established , still setkey -DP still
> shows the related policies. why this is happening?
Which version are you using? In releases before 4.5.3 the close action,
which is triggered by a peer closing the CHILD_SA, was the same as the
DPD action. So dpdaction=restart would cause charon to reestablish the
CHILD_SA if it is closed by the per. In newer releases the behavior on
properly closed SAs can be configured with the closeaction option.
Regards,
Tobias
More information about the Users
mailing list