[strongSwan] half-open IKE_SA handling and DoS prevention

Tobias Brunner tobias at strongswan.org
Wed Sep 9 11:33:34 CEST 2015

Previous message: [strongSwan] half-open IKE_SA handling and DoS prevention
Next message: [strongSwan] strongswan <> openbsd isakmpd: tunnel up but no traffic
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi David,

> Are all half-open IKE_SAs from a host destroyed as soon as a legitimate
> response is received? Or does strongSwan always wait for the
> half_open_timeout to expire?

The latter.

Regards,
Tobias

Previous message: [strongSwan] half-open IKE_SA handling and DoS prevention
Next message: [strongSwan] strongswan <> openbsd isakmpd: tunnel up but no traffic
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list