[strongSwan] Help needed for problem when auto=add configured.

bhargav p bhargav.1226 at gmail.com
Wed Aug 23 06:31:16 CEST 2017


Setup Details:


Host1         ======================                   Host2


Both hosts are Ubuntu machines. Intentionally configured auto=add on Host1,
because I do not want any initiation request from Host1.

When I enable (start) ipsec on Host2, IKE and CHILD_SA are established between
Host1 and Host2.

Then I did “ipsec stop” and “ipsec start” on Host1. When ipsec stop was
executed, a DELETE payload was sent to Host2, and Host2 deleted IKE and CHILD

As auto=add is configured on Host1, no negotiation is started from Host1,
and Host2 flushed its SAs, it also did not start the negotiation.

Tried closeaction, but for every rekey, upon deletion of the closing old SA,
a new SA is getting triggered. With shorter lifetimes, there are frequent SAs
getting created.

Is there any other option in strongSwan to restart one new negotiation
when a Delete Payload is received?

Thanks for the help.

