[strongSwan] Roadwarrior connected but ipsec status shows: UPDATING, TUNNEL

Martin Willi martin at strongswan.org
Fri May 9 08:58:03 CEST 2014


> User is using a iPhone 5s. [...] Later on that day they connect again
> (Whilst on a 4g connection).

> It now shows:
> I can't find any documentation on this status, can any one help?

A CHILD_SA is in UPDATING state if the daemon tries to update endpoint
addresses after one of the attachment points have changed. Seems that
there is some SA update involved, but not sure if that works with iOS.
As always, your log output could help to see what is going on.

This state should not be persistent; it should be restored after the
update completes (or fails). There is a bug which prevents to restore
state if updating the CHILD_SA is not supported. I've addressed it with
[1], you may try to apply that patch.

So the question is, why is the update failing? What is your strongSwan
version, and what kernel backend on which OS do you have in use?



More information about the Users mailing list