[strongSwan] half-open IKE_SA handling and DoS prevention

Tobias Brunner tobias at strongswan.org
Wed Sep 9 11:33:34 CEST 2015

Hi David,

> Are all half-open IKE_SAs from a host destroyed as soon as a legitimate
> response is received? Or does strongSwan always wait for the
> half_open_timeout to expire?

The latter.


More information about the Users mailing list