[strongSwan] Query regarding stroke messages.

bhargav p bhargav.1226 at gmail.com
Tue Apr 12 17:08:04 CEST 2016


I am doing below IPSec testcase.

Let's say IPSec tunnel is established between two ends[A ------------ B].

For some reason, B side tunnel went down, and couldn't notify A.

Lets say r1~v1 is conn name.

Now on A, I am doing "ipsec down r1~v1", which sends "ipsec stroke
terminate", trying to clear the tunnels and sends the DELETE notification
to other end.  As the other end is down, A will not receive the DELETE
reply. And A is entering into retransmitt mode. And all the subsequent
stroke messages are in queue,because of retransmission mode.

When this is going on, I removed "r1~v1" in ipsec.conf  and sent SIGHUP,
and added back the connection "r1~v1" in ipsec.conf and sent SIGHUP.

I am seeing all the stroke messages related to this conn[r1~v1] are in
queue, and once after 5 retransmitts all the pending stroke messages are

Queuing the stroke messages when conn is in retransmission mode, Is this
expected behaviour?

Is there anyway to prevent the retransmissions for specific  Informationl
packets ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160412/93a44339/attachment.html>

More information about the Users mailing list