[strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-03-19 Thread anand rao
Hi, I am using strongswan 4.3.6 I have configured two peers to establish tunnel in tunnel mode. Here is configuration in  ipsec.conf  config setup     strictcrlpolicy=no     crlcheckinterval=180     plutostart=yes     charonstart=yes     nat_traversal=yes conn %default     ikelifetime=10m     k

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-03-19 Thread Tobias Brunner
Hi Anand, > conn %default > ikelifetime=10m > keylife=5m > rekeymargin=3m Not sure what exactly the problem is but I suspect it might be related to the times you configured above (at least partially). Please have a look at the wiki page documenting how rekey times are calculated [1].

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-03-20 Thread anand rao
- Original Message - From: Tobias Brunner To: anand rao Cc: "users@lists.strongswan.org" Sent: Monday, March 19, 2012 9:17 PM Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs Hi Anand, > conn %default >     ikelifetime=10m >     keylife=5m > 

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-03-20 Thread Tobias Brunner
Hi Anand, > On my environment there is no support for kernel-netlink interface > for IPsec, > > I have to use kernel-pfkey interface only as I have my hooks > registered in PFKEY to XFRM for IPsec. > > I have tried latest versions of strongswan (4.5.1 and 4.5.3) both > resulted in kernel panic a

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-03-20 Thread anand rao
the redundant child SA issue on 4.3.6. Please suggest me in resolving this issue. Thanks, Anand - Original Message - From: Tobias Brunner To: anand rao Cc: "users@lists.strongswan.org" Sent: Tuesday, March 20, 2012 2:25 PM Subject: Re: [strongSwan] Charon hangs after failing

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-03-23 Thread gowrishankar
> issue. > > Thanks, > Anand > > - Original Message - > From: Tobias Brunner > To: anand rao > Cc: "users@lists.strongswan.org" > Sent: Tuesday, March 20, 2012 2:25 PM > Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec > SAs

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-04-06 Thread anand rao
unner ; "users@lists.strongswan.org" Sent: Friday, March 23, 2012 7:16 PM Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs Hi Anand, wrt RFC 4306 Page 22:     If the two ends have the same lifetime policies, it is possible that     both will initiate a re

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-04-10 Thread Tobias Brunner
Hi Anand, > conn toevm2-psk > ... > auto=route The problem is the combination of auto=route and reauth=yes (which is the default). With reauth=yes the IKE_SA is not rekeyed but reauthenticated. This means that the IKE_SA is first deleted and then reestablished. During this (albeit

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-04-10 Thread anand rao
, Anand - Original Message - From: Tobias Brunner To: anand rao Cc: gowrishankar ; "users@lists.strongswan.org" Sent: Tuesday, April 10, 2012 3:57 PM Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs Hi Anand, > conn toevm2-psk >