[strongSwan] Issue with transmission of IKE DELETE INFORMATIONAL request messages during shutdown under high load

Martin Willi martin at strongswan.org
Fri Jun 20 14:51:50 CEST 2014


> if I trigger the #ipsec stop command, it should suppose to send 20k IKE
> DELETE INFORMATIONAL  request messages to its peer. But I find , it
> sends 14k messages  (approximately) only.

When issuing "ipsec stop", starter tries to shut down the IKE daemon. If
that does not happen fast enough, starter gets more aggressive in
killing the process to bring it down. Details can be found at [1], you
may change that for your needs.

Also, please be aware that UDP is unreliable, and even if charon sends
all messages, they might get lost on your network or even in your local
networking stack.

Regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/starter/invokecharon.c;h=d981f6c1;hb=HEAD#l68



More information about the Users mailing list