[strongSwan] Windows XP sends DELETE

Tobias Brunner tobias at strongswan.org
Mon Jun 3 11:29:29 CEST 2019


Hi Mark,

> Can you help me get this connection to stay up?

I guess the "trick" of older *Swans (that use the pluto daemon) was that
they completely ignored IKEv1 DELETE payloads (strongSwan did so too
before 5.0.0).  So unless you are willing to either use an old
unsupported strongSwan version, or patch the current code so it ignores
DELETEs too, there isn't anything you can do if the peer insists on
deleting the IKE_SA (for IKEv1 there is technically no hard relation
between IKE and IPsec SA, so the latter can exist fine if the former is
terminated, however, that's not how strongSwan 5+ handles this).

Regards,
Tobias

