[strongSwan] HA plugin: stopping charon does not remove IKE_SA/CHILD_SA from other nodes

Martin Willi martin at strongswan.org
Fri Feb 27 16:27:02 CET 2015


> When charon is stopped on one of the nodes, DELETE are sent to the remote hosts:

Actually, it should not if it has an active heartbeat connection with
the other node. If a node knows that another node is active, it should
deactivate all responsible segments locally before shutting down, and
omit any delete messages. The other node takes over responsibility for
all SAs.

I haven't tested that code in a while, but it definitely did work if
monitoring/heartbeat is active, see [1].

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/ha/ha_segments.c;h=fc7d7a8b;hb=HEAD#l240


