[strongSwan] Sa not getting deleted

Naveen Neelakanta naveen.b.neelakanta at gmail.com
Thu Jan 3 02:03:02 CET 2019


Hi All,

I see an issue where, when I unload a connection from the vici API, and
reload a connection, the old Sa's are not getting deleted immediately, but
I see a soft expire or 3077(sec).

src 10.24.18.209 dst 199.168.148.132
proto esp spi 0x36e072cf(920679119) reqid 1(0x00000001) mode tunnel
replay-window 0 seq 0x00000000 flag af-unspec (0x00100000)
mark 0x16/0xffffffff
encap type espinudp sport 4501 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 3077(sec), hard 3600(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2019-01-03 00:27:54 use -
stats:
  replay-window 0 replay 0 failed 0

src 10.24.18.209 dst 199.168.148.132
proto esp spi 0x74fda9ea(1962781162) reqid 1(0x00000001) mode tunnel
replay-window 0 seq 0x00000000 flag af-unspec (0x00100000)
mark 0x16/0xffffffff
encap type espinudp sport 4501 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 3122(sec), hard 3600(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2019-01-03 00:27:54 use -
stats:
  replay-window 0 replay 0 failed 0

Thanks,
Naveen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190102/62d858ea/attachment.html>


More information about the Users mailing list