[strongSwan] How to trigger notify cookies
Thomas Oberhammer
tho at open.ch
Fri Jun 3 10:31:39 CEST 2016

Ok, I figured it out:

1) the connections have to be initiated from Host A (which also creates
connections in CONNECTING state on Host B)
2) I had to lower charon.cookie_threshold below 5 (which is the default
of charon.block_threshold) on Host B

On 02.06.2016 15:02, Thomas Oberhammer wrote:
> Hi
>
> I am trying to reproduce a situation where the responder sends a
> COOKIE message.
>
> I have a setup with two strongswan hosts: On host A, I added a
> firewall rule that blocks all 500/udp from host B.
> When I run 'ipsec up <connection to A>' on host B multiple times, I
> have many connections in CONNECTING state.
>
> My expectation was that when I remove the firewall rule and initiate a
> connection from A, B would reply with a COOKIE message due to the many
> half open tunnels, but apparently it does not.
>
> Can you please describe how I can force B to send COOKIE messages?
>
> Best regards
> Thomas
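
Added example, not part of the original post and not strongSwan code: a simplified Python model of the two settings named above (charon.cookie_threshold and charon.block_threshold), showing why requests from a single source get dropped before any COOKIE is sent unless cookie_threshold is lower than block_threshold. The check order, the >= comparisons, the function name and the value 10 are assumptions of this model.

```python
# Simplified model (assumption, not strongSwan source) of a responder deciding
# what to do with IKE_SA_INIT requests that carry no cookie and never complete.
from collections import Counter


def simulate(cookie_threshold, block_threshold, sources):
    """Return one decision per incoming request in `sources` (source addresses).

    "accept" - a new half-open IKE_SA is created on the responder
    "cookie" - responder replies with a COOKIE notify, no state is created
    "block"  - request dropped, this source already has too many half-open SAs
    A threshold of 0 disables the corresponding check.
    """
    half_open = Counter()  # half-open IKE_SAs on the responder, per source
    decisions = []
    for src in sources:
        total = sum(half_open.values())
        # Assumed order: global cookie check first, then per-source block check.
        if cookie_threshold and total >= cookie_threshold:
            decisions.append("cookie")
        elif block_threshold and half_open[src] >= block_threshold:
            decisions.append("block")
        else:
            half_open[src] += 1
            decisions.append("accept")
    return decisions


if __name__ == "__main__":
    # Constructed input: 12 requests, all from the same initiator (Host A).
    requests = ["hostA"] * 12

    # cookie_threshold above block_threshold (10 is a constructed value,
    # 5 is the block_threshold default quoted in the post).
    print(Counter(simulate(10, 5, requests)))

    # cookie_threshold lowered below block_threshold, as described in the post.
    print(Counter(simulate(3, 5, requests)))
```

With one source address the per-source limit caps the half-open count at block_threshold, so the total can never reach a cookie_threshold that is set higher.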