[strongSwan] HA plugin: stopping charon does not remove IKE_SA/CHILD_SA from other nodes

[Martin Willi]

Hi,

> In that particular configuration (no monitoring/heartbeat) stopping
> charon on the active node should clear the connections on the remote
> gateway (OK) and on the other node (not OK), right?

The active node will delete the IKE_SA, and send a close event to the
passive node.

If you are not using the ha plugin heartbeat, you probably should make
the other node active first (responsible for all IKE_SAs) before
shutting down a node.

Regards
Martin