[strongSwan] more info in log message "deleting half open IKE_SA after timeout"
Tobias Brunner
tobias at strongswan.org
Wed Mar 15 16:25:27 CET 2017
Hi Walter,
> With the patch, I hope to be able to see if it's one of "our" clients failing to connect because
> of e.g. fragments being dropped, or it's some scan attempt "from far away".
Enabling the `ike_name` option for the configured logger(s) might also
help as you could then correlate the "... is initiating an IKE_SA"
message with this one via the IKE_SA's unique identifier.
> If the patch is considered useful, feel free to add it.
It doesn't hurt and the IP is also logged when an established IKE_SA is
deleted, so I've added it to master.
Thanks,
Tobias
More information about the Users
mailing list