[strongSwan] some problems with strongswan4.6.4
梅香
747201427 at qq.com
Thu Jan 24 03:00:24 CET 2013
Dear all:
I am writing to ask a question with strongswan 4.6.4 running in Linux 2.6.21.7. Following , I will describe the problem in detail:
firstly, there is abnormal printing in the message ,just like: ignoring IKE_SA setup from 10.0.30.74, half open IKE_SA count of 2503 exceeds limit of 1000。Then I input a command ip –s xfrm policy,it show such information:
src 10.0.30.74/32 dst 10.7.0.0/17 uid 0
dir in action block index 1730496 priority 7999 share any flag 0x00000000
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2013-01-08 17:25:41 use –
I want to make sure whether the half open IKE_SA exceeding limit will lead to xfrm policy appear such “action block” information? And I want to know whether this is normal ?
Moreover, I have another problem .first,I established 10000 ipsec tunnels use a instrument,then I stoped the instrument and many delete messge was found, at last I restarted ipsec and then found that the xfrm modules still has many SA and SP . I wonder whether this is normal?
Thank you for your attention to this letter .I am looking forward your reply。
Yous Anna.
More information about the Users
mailing list