[strongSwan] updown - server which disconnects one roadworrior when another connects
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Sep 28 12:03:14 CEST 2020
Hi,
Sorry for the mistake.
Kind regards
Noel
Am 28.09.20 um 11:52 schrieb Tobias Brunner:
> Hi,
>
>> up-client is called for each combination of remote ts and local ts components, as is down-client, when a CHILD_sa is established/destroyed.
>> So when a CHILD_SA is rekeyed, both are called in the order the CHILD_SAs are negotiated/destroyed.
>
> The updown script is *not* called for IKE or CHILD_SA rekeyings.
> However, if reauthentication is used with IKEv2, the script will be
> called as new CHILD_SA are created. A down-event will be called either
> before or after the reauthentication and the corresponding up-event
> depending on whether make-before-break reauthentication is used by the
> client, see [1].
>
> By the way, the VICI interface does expose the ike/child-rekey events.
> But reauthentication is not handled differently.
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200928/29bf8179/attachment.sig>
More information about the Users
mailing list