[strongSwan] delete IPsec SA in transport mode
gnimozyu at gmail.com
Fri Mar 25 10:49:48 CET 2016
delete IPsec SA in transport mode
I'm looking for your advice to delete SA without DPD.
I use strongSwan U5.3.2/K3.10.84 and xl2tpd 1.3.1. with following
charondebug = "ike 4, cfg 2"
margintime = 10s
reauth = yes
L2TP client OS is Windows7 and it does not support DPD.
If the client disconnect IPsec without delete-SA, for example blue screen
e.t.c, then I think linux system keeps the SA until strongSwan is restared.
I saw https://wiki.strongswan.org/projects/strongswan/wiki/Windows7 . But
my question is:
1) ikelifetime, lifetime and margintime are ignored if rekey is "no" ?
2) Do you have any configuration to delete the IPsec SA automatically with
3) I want to delete IPsec SA if no packet arrived during specifed period.
Is it possible ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users