[strongSwan] HA plugin: stopping charon does not remove IKE_SA/CHILD_SA from other nodes
Emeric POUPON
emeric.poupon at stormshield.eu
Mon Mar 2 10:45:03 CET 2015
>> In that particular configuration (no monitoring/heartbeat) stopping
>> charon on the active node should clear the connections on the remote
>> gateway (OK) and on the other node (not OK), right?
>
>The active node will delete the IKE_SA, and send a close event to the
>passive node.
>
That is what I don't understand: I don't see the close event on the passive node.
Therefore the IKE SA and its associated CHILD SA stay in the passive node. Maybe I have missed something?
Regards,
Emeric
More information about the Users
mailing list