[strongSwan] updown - server which disconnects one roadwarrior when another connects

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Sep 28 11:05:54 CEST 2020


Hi,

up-client is called for each combination of remote ts and local ts components, as is down-client, when a CHILD_SA is established/destroyed.
So when a CHILD_SA is rekeyed, both are called in the order the CHILD_SAs are negotiated/destroyed.

Kind regards

Noel

On 28.09.20 at 10:58, lejeczek wrote:
> Hi guys.
> 
> I have a strongswan with 'updown' which controls tunnels,
> routes, etc. I took the script from doc examples and built
> upon it.
> What is totally perplexing to me is that the script shows
> that when one roadwarrior is connected and another one is
> connecting then the server invokes 'down-client' which then
> removes - as the updown dictates - tunnel of already
> connected roadwarrior.
> Here is a snippet of the log from 'updown' script, a moment
> when new roadwarrior connects:
> ...
> ----RUN
> vti113 - down-client
> Mon Sep 28 09:47:20 BST 2020
> ip tunnel del vti113
> ip route del 10.3.1.12/32 dev vti113
> 
> ----RUN
> vti114 - up-client
> Mon Sep 28 09:47:21 BST 2020
> ip tunnel add vti114 local X.X.X.X remote Z.Z.Z.Z mode vti key 11
> ip link set vti114 mtu 1400 up
> ...
> 
> 'updown' script has nothing to do with that, right?
> Why would server do that 'down-client'?
> 
> many thanks, L.
> 
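
Added example, not part of the original thread and not strongSwan's own script: because up-client and down-client fire once per traffic-selector combination and again when a CHILD_SA is rekeyed, an updown handler that creates and deletes a device has to count events per device rather than delete on the first down-client. STATE_DIR, refcount, handle_event, run and the vti${PLUTO_UNIQUEID} naming are assumptions made for this sketch.

```sh
#!/bin/sh
# Added sketch: count up-client/down-client events per device so the
# tunnel is only removed when its last user is gone.
# STATE_DIR, refcount, handle_event and run are assumed names.
STATE_DIR="${STATE_DIR:-/tmp/updown-refs}"

# Print the number of outstanding up-client events for device $1.
refcount() {
    if [ -f "$STATE_DIR/$1" ]; then cat "$STATE_DIR/$1"; else echo 0; fi
}

# handle_event VERB DEV: update the counter and print the action to take.
handle_event() {
    verb=$1
    dev=$2
    mkdir -p "$STATE_DIR"
    n=$(refcount "$dev")
    case "$verb" in
        up-client)
            echo $((n + 1)) > "$STATE_DIR/$dev"
            if [ "$n" -eq 0 ]; then echo create; else echo keep; fi
            ;;
        down-client)
            if [ "$n" -eq 0 ]; then
                echo ignore            # nothing recorded for this device
            elif [ "$n" -eq 1 ]; then
                rm -f "$STATE_DIR/$dev"
                echo delete            # last user of the device is gone
            else
                echo $((n - 1)) > "$STATE_DIR/$dev"
                echo keep              # another CHILD_SA or TS pair remains
            fi
            ;;
        *) echo ignore ;;
    esac
}

# Dry run: print commands instead of executing them.
run() { echo "+ $*"; }

# When invoked as an updown script, PLUTO_VERB is set. Naming the device
# after PLUTO_UNIQUEID is an assumption; key/mark handling is omitted.
if [ -n "${PLUTO_VERB:-}" ]; then
    dev="vti${PLUTO_UNIQUEID}"
    case "$(handle_event "$PLUTO_VERB" "$dev")" in
        create) run ip tunnel add "$dev" local "$PLUTO_ME" remote "$PLUTO_PEER" mode vti
                run ip link set "$dev" mtu 1400 up ;;
        delete) run ip tunnel del "$dev" ;;
    esac
fi
```

The counter files are not locked, so this assumes the script is not run concurrently for the same device.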
