[strongSwan] How to trigger notify cookies

Thomas Oberhammer tho at open.ch
Fri Jun 3 10:31:39 CEST 2016

Ok, I figured it out:

1) the connections have to be initiated from Host A (which also creates 
connections in CONNECTING state on Host B)
2) I had to lower charon.cookie_threshold below 5 (which is the default 
of charon.block_threshold) on Host B

On 02.06.2016 15:02, Thomas Oberhammer wrote:
> Hi
> I am trying to reproduce a situation where the responder sends a 
> COOKIE message.
> I have a setup with two strongswan hosts: On host A, I added a 
> firewall rule that blocks all 500/udp from host B.
> When I run 'ipsec up <connection to A>' on host B multiple times, I 
> have many connections in CONNECTING state.
> My expectation was that when I remove the firewall rule and initiate a 
> connection from A, B would reply with a COOKIE message due to the many 
> half open tunnels, but apparently it does not.
> Can you please describe how I can force B to send COOKIE messages?
> Best regards
> Thomas

More information about the Users mailing list