[strongSwan] half-open IKE_SA handling and DoS prevention

David Weidenkopf dweidenkopf at cococorp.com
Tue Sep 8 23:12:12 CEST 2015


Are all half-open IKE_SAs from a host destroyed as soon as a legitimate
response is received? Or does strongSwan always wait for the
half_open_timeout to expire?

If this is discussed on strongswan.org please advise me, I couldn't find
where this detail is documented.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150908/381f48de/attachment.html>

More information about the Users mailing list