[strongSwan] some problems with strongswan4.6.4

梅香 747201427 at qq.com
Thu Jan 24 03:00:24 CET 2013


Dear all:
I am writing to ask a question with strongswan 4.6.4 running in Linux  2.6.21.7. Following , I will describe the problem in detail:
 firstly, there is abnormal printing in the message ,just like: ignoring IKE_SA setup from 10.0.30.74, half open IKE_SA count of 2503 exceeds limit of 1000。Then I input a command ip –s xfrm policy,it show such information:
src 10.0.30.74/32 dst 10.7.0.0/17 uid 0	
	dir in action block index 1730496 priority 7999 share any flag 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)	
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2013-01-08 17:25:41 use –
I want to make sure whether the half open IKE_SA exceeding limit will lead to xfrm policy appear such “action block” information? And I want to know whether this is normal ?
Moreover, I have another problem .first,I established 10000 ipsec tunnels use a instrument,then I stoped the instrument and many delete messge was found, at last I restarted ipsec and then found that the xfrm modules still has many SA and SP . I wonder whether this is normal?
Thank you for your attention to this letter .I am looking forward your reply。
Yous Anna.





More information about the Users mailing list