[strongSwan] Charon is creating CHILD_SA even after a connection is deleted.
Tobias Brunner
tobias at strongswan.org
Mon Jul 27 11:36:22 CEST 2015
Hi Divya,
> I'm deleting a particular connection (PROTECT-BTSSM2~MPLANE2) and I
> can see from the logs that this connection is deleted, terminated,
> unrouted and the kernel polices are being removed (at 14:03:45).
> Still a CHILD_SA is successfully established with this connection (at 14:03:46).
Note that the daemon is multi-threaded. If the connection is
established concurrently with deleting configs (which it looks like in
the log) the thread creating the SA might already have a reference to
the config. And established connections are not affected by config
changes. So you'll have to "down" any existing connections manually
after deleting a config.
Regards,
Tobias
More information about the Users
mailing list