[strongSwan] Set install_policy=false using vici
Noel Kuntze
noel at familie-kuntze.de
Sat Aug 8 18:13:13 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Mohammed,
That is the correct behaviour. IKE is used to manage the SAs. If a peer closes
an IKE_SA without transitioning them to another IKE_SA, they get deleted.
You can not change this behaviour. You always need to run an IKE_SA
for a pair of SAs. You can also run several pairs of SAs under one IKE_SA.
close_action affects IKEv1 and IKEv2, but it probably does something completely
different than you think it does. The documentation explains it all.
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 08.08.2015 um 03:45 schrieb Mohammad Ahmad:
> Hi,
>
> When I exit charon, the negotiated SAs get deleted. This is not what I want.
>
> I am running only charon from /usr/libexec/charon. I use IKEv1 and
> communicate to charon using the vici plugin. close_action is set to
> none but as I understand it, close_action only affects ikev2.
>
> Ahmad
>
> On Wed, Aug 5, 2015 at 2:14 AM, Tobias Brunner <tobias at strongswan.org> wrote:
>> Hi Ahmad,
>>
>>> Is there anyway I can set installpolicy=false using vici or even
>>> strongswan.conf? I am using strongswan.conf to load the plugins and
>>> using vici to load connections.
>>
>> The patch at [1] adds this feature. Let me know if it works for you.
>>
>> Regards,
>> Tobias
>>
>> [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=a036bae6
>>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJVxiqXAAoJEDg5KY9j7GZYaYoP/2JiaQ35ov2ptKFLbN+wmpUM
k1REHmENNwvgypIChYD0Mq9VMPpRdMgPV5Y9MpyZ/fmKBIDlqWTgcQG1j0s7I/YJ
hpYANqZrcLXD4qx6vmyj/7mcgYhnmbHGXaELoA8ST6RfNej5/Ek+yCPwe/IbV+OJ
072MuXmt6W+4pLcWBj8iOWK6Gf94rwNJ0JVKlIfDFxICNoVeGidsKyPr1NkEk1Bt
mCZDhJzKaFNT/WGLDEol2t3Y8XdIuf2LnSLg3PAwNwVqQdYxr/r3H7KSAZYXz0Ou
xtmMtYxSjzg+2H81gp7SIM6BkqJPtLp0CLB7Ed4eX1Ylr2De54Pw6fAVb7IBM3We
HalwNivGSsqribxhXAW/DGEfJCcEZjOWjUOSJ6lpAl/v4mHS3FLiuE7rGXASrURo
NwtwZI3YXTk4+4z0hkAIjyz+jt9Hrrze1hRKFNgQHdpez6d97lWXQ1Kqa3uBDMIK
n+QrzSk0RBEczmiCFhP3Nq8ioO9ibxDfctLFEqtF6ogXQY58sz/HTzBPG7NRABJz
63VfoVyYcz/jG6gLJ6JdqnbwRhYcMZLQQV1ZKcAfi3IlyZ2tIWtlj50Oi5u4+E4f
aLkRhrI3f+tj3WfS+kD2DaMfbuBbUmCp1ZmWL2um40MRpvRxlSW13af5ZimolZ5c
kwPDd2M8wK3MMBSKS9Me
=VWX9
-----END PGP SIGNATURE-----
More information about the Users
mailing list