[strongSwan] updown - server which disconnects one roadwarrior when another connects

Tobias Brunner tobias at strongswan.org
Mon Sep 28 11:52:44 CEST 2020


> up-client is called for each combination of remote ts and local ts components, as is down-client, when a CHILD_SA is established/destroyed.
> So when a CHILD_SA is rekeyed, both are called in the order the CHILD_SAs are negotiated/destroyed.

The updown script is *not* called for IKE or CHILD_SA rekeyings.
However, if reauthentication is used with IKEv2, the script will be
called as new CHILD_SAs are created.  A down-event will be called either
before or after the reauthentication and the corresponding up-event
depending on whether make-before-break reauthentication is used by the
client, see [1].

By the way, the VICI interface does expose the ike/child-rekey events.
But reauthentication is not handled differently.


[1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
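
Since a down-event can arrive before or after the matching up-event during reauthentication, an updown script that tracks whether a peer is connected should not depend on their order. The following is an added example, not part of the original message and not strongSwan's shipped script: it reference-counts events per peer. `STATE_DIR`, the function names and the `online`/`offline`/`noop` results are assumptions, and it assumes invocations for one peer do not run concurrently.

```shell
#!/bin/sh
# Added example (not strongSwan's own _updown script).
# Counts up-*/down-* events per peer so the order in which a
# reauthentication delivers them does not matter.
# STATE_DIR and the online/offline/noop strings are assumptions.
STATE_DIR="${STATE_DIR:-/var/run/updown-count}"

# peer_file ID: map a peer identity to a file name. The identity comes from
# the remote side and may contain "/" or "..", so hex-encode it.
peer_file() {
    printf '%s/%s' "$STATE_DIR" \
        "$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')"
}

# track_event VERB PEER_ID: prints "online" on the 0 -> 1 transition,
# "offline" on the 1 -> 0 transition, "noop" for everything else.
track_event() {
    verb=$1
    file=$(peer_file "$2")
    mkdir -p "$STATE_DIR" || return 1
    count=0
    [ -r "$file" ] && read -r count < "$file"
    # Treat a damaged counter file as "no events seen".
    case $count in ''|*[!0-9]*) count=0 ;; esac
    case $verb in
        up-*)
            count=$((count + 1))
            echo "$count" > "$file"
            [ "$count" -eq 1 ] && echo online || echo noop
            ;;
        down-*)
            if [ "$count" -le 0 ]; then echo noop
            elif [ "$count" -eq 1 ]; then rm -f "$file"; echo offline
            else echo "$((count - 1))" > "$file"; echo noop
            fi
            ;;
        *) echo noop ;;
    esac
}

# When run as the updown script, PLUTO_VERB and PLUTO_PEER_ID are set.
if [ -n "${PLUTO_VERB:-}" ]; then
    track_event "$PLUTO_VERB" "${PLUTO_PEER_ID:-unknown}"
fi
```

With make-before-break reauthentication the sequence up, up, down yields `online`, `noop`, `noop`, so the peer is never reported offline in between; with the down-event first, the peer is reported `offline` and then `online` again.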

