[strongSwan] charon not sending DELETE payload

Gupta, Rohan 1. (NSN - IN/Bangalore) rohan.1.gupta at nsn.com
Wed Apr 2 08:57:55 CEST 2014


Hi,

Recently during my testing of charon with strongswan version 4.3.1, I observed that after establishment of the tunnel, if I flush the child_sa (or the phase 2 SAs) using setkey -F, the DELETE payload is not sent to the peer.
Due to this the peer doesn't delete its child_sa and keeps on sending traffic with the old SA.

I have gone through the RFC and found the following line:

"If an IKE endpoint chooses to
   delete CHILD_SAs, it MUST send Delete payloads to the other end
   notifying it of the deletion"

Is the above statement applicable for this scenario?
Can anyone help on what might be wrong?

Thanks,
Rohan


