[strongSwan] How to overcome the dpd re-transmission task for IKE_DELETE task?

Nanda Gopal nandanator at gmail.com
Mon Jul 21 14:38:33 CEST 2014


Hi Martin,

Thank you for your response.
What are the pros and cons of introducing such an immediate delete of the IKE_SA?


On Mon, Jul 21, 2014 at 3:24 PM, Martin Willi <martin at strongswan.org> wrote:

> Hi,
>
> > Is there any other way to administratively shutdown the connection
> > using IKE_DELETE, overriding the dpd re-transmission task?
>
> "ipsec down" tries to gracefully close the tunnel, sending a DELETE
> message. As there is a DPD exchange in progress, with IKEv2 and a window
> size == 1, that message has to be queued.
>
> One could just remove the IKE_SA state without notification, but this is
> not what "ipsec down" does. Unfortunately, there is currently no
> mechanism to immediately delete such an IKE_SA.
>
> Regards
> Martin
>
>


-- 
Regards

Nandu™
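
The queuing Martin describes, as an added example that is not part of the original thread and not strongSwan code: a small model of the RFC 7296 request window showing what happens to a DELETE queued behind an unanswered DPD request. Assumptions: the retransmission values are strongSwan's documented defaults (they are not stated in the thread), and once retransmissions are exhausted the initiator discards the IKE_SA locally, as RFC 7296 section 2.4 describes; `simulate` and `give_up_after` are hypothetical names.

```python
from collections import deque

# Assumed values (not from the thread): strongSwan's documented defaults for
# charon.retransmit_timeout, retransmit_base and retransmit_tries.
TIMEOUT, BASE, TRIES = 4.0, 1.8, 5
INF = float("inf")


def give_up_after(timeout=TIMEOUT, base=BASE, tries=TRIES):
    """Seconds from first send until an unanswered request is abandoned."""
    return sum(timeout * base ** n for n in range(tries + 1))


def simulate(requests, answers, window=1):
    """Initiator side of one IKE_SA with an RFC 7296 request window.

    requests: [(queued_at_seconds, name)]; answers: {name: reply delay in
    seconds}, a missing name means the peer never replies.
    Returns the timeline as a list of (time, event) tuples.
    """
    pending = deque(sorted(requests))
    in_flight = []  # (finishes_at, name, answered)
    log, now = [], 0.0
    while pending or in_flight:
        # Transmit queued requests while the window has a free slot.
        while pending and len(in_flight) < window and pending[0][0] <= now:
            _, name = pending.popleft()
            delay = answers.get(name)
            done = now + (give_up_after() if delay is None else delay)
            in_flight.append((done, name, delay is not None))
            log.append((round(now, 2), f"send {name}"))
        in_flight.sort()
        next_done = in_flight[0][0] if in_flight else INF
        has_room = pending and len(in_flight) < window
        next_queued = pending[0][0] if has_room else INF
        if next_queued < next_done:
            now = next_queued  # a slot is free; wait for the next request
            continue
        now, name, answered = in_flight.pop(0)
        if not answered:
            # Retransmissions exhausted: peer declared dead, state discarded.
            log.append((round(now, 2), f"give up {name}, discard IKE_SA"))
            log.extend((round(now, 2), f"drop {n} unsent") for _, n in pending)
            break
        log.append((round(now, 2), f"reply {name}"))
    return log


if __name__ == "__main__":  # constructed scenario: DPD at t=0, "ipsec down" at t=10
    for event in simulate([(0, "DPD"), (10, "DELETE")], answers={}):
        print(event)
```

With a window of 1 and a silent peer, the DELETE queued at t=10 is never transmitted: the SA is torn down locally about 165 seconds after the DPD request was first sent.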