[strongSwan] Set install_policy=false using vici
Mohammad Ahmad
mohd.ahmad17 at gmail.com
Mon Aug 10 22:46:46 CEST 2015
Hi Noel,
So lets say a SAs have been established between two hosts and they are
able to ping one another. Then charon crashes on one of the hosts, now
when this happens shouldn't the two hosts continue to communicate
using the previously established SAs until they expire? My aim is to
have zero downtime restarts.
Ahmad
On Sat, Aug 8, 2015 at 9:13 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Mohammed,
>
> That is the correct behaviour. IKE is used to manage the SAs. If a peer closes
> an IKE_SA without transitioning them to another IKE_SA, they get deleted.
> You can not change this behaviour. You always need to run an IKE_SA
> for a pair of SAs. You can also run several pairs of SAs under one IKE_SA.
> close_action affects IKEv1 and IKEv2, but it probably does something completely
> different than you think it does. The documentation explains it all.
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 08.08.2015 um 03:45 schrieb Mohammad Ahmad:
>> Hi,
>>
>> When I exit charon, the negotiated SAs get deleted. This is not what I want.
>>
>> I am running only charon from /usr/libexec/charon. I use IKEv1 and
>> communicate to charon using the vici plugin. close_action is set to
>> none but as I understand it, close_action only affects ikev2.
>>
>> Ahmad
>>
>> On Wed, Aug 5, 2015 at 2:14 AM, Tobias Brunner <tobias at strongswan.org> wrote:
>>> Hi Ahmad,
>>>
>>>> Is there anyway I can set installpolicy=false using vici or even
>>>> strongswan.conf? I am using strongswan.conf to load the plugins and
>>>> using vici to load connections.
>>>
>>> The patch at [1] adds this feature. Let me know if it works for you.
>>>
>>> Regards,
>>> Tobias
>>>
>>> [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=a036bae6
>>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJVxiqXAAoJEDg5KY9j7GZYaYoP/2JiaQ35ov2ptKFLbN+wmpUM
> k1REHmENNwvgypIChYD0Mq9VMPpRdMgPV5Y9MpyZ/fmKBIDlqWTgcQG1j0s7I/YJ
> hpYANqZrcLXD4qx6vmyj/7mcgYhnmbHGXaELoA8ST6RfNej5/Ek+yCPwe/IbV+OJ
> 072MuXmt6W+4pLcWBj8iOWK6Gf94rwNJ0JVKlIfDFxICNoVeGidsKyPr1NkEk1Bt
> mCZDhJzKaFNT/WGLDEol2t3Y8XdIuf2LnSLg3PAwNwVqQdYxr/r3H7KSAZYXz0Ou
> xtmMtYxSjzg+2H81gp7SIM6BkqJPtLp0CLB7Ed4eX1Ylr2De54Pw6fAVb7IBM3We
> HalwNivGSsqribxhXAW/DGEfJCcEZjOWjUOSJ6lpAl/v4mHS3FLiuE7rGXASrURo
> NwtwZI3YXTk4+4z0hkAIjyz+jt9Hrrze1hRKFNgQHdpez6d97lWXQ1Kqa3uBDMIK
> n+QrzSk0RBEczmiCFhP3Nq8ioO9ibxDfctLFEqtF6ogXQY58sz/HTzBPG7NRABJz
> 63VfoVyYcz/jG6gLJ6JdqnbwRhYcMZLQQV1ZKcAfi3IlyZ2tIWtlj50Oi5u4+E4f
> aLkRhrI3f+tj3WfS+kD2DaMfbuBbUmCp1ZmWL2um40MRpvRxlSW13af5ZimolZ5c
> kwPDd2M8wK3MMBSKS9Me
> =VWX9
> -----END PGP SIGNATURE-----
>
More information about the Users
mailing list