Greetings.
openSUSE 11.3 currently allows to install strongswan such that it is possible to omit the pluto daemon from the installation. Now, suppose there is a typical ipsec.conf that only defines connections, i.e. #config setup #nothing here conn foo left=x right=y etc. keyexchange=ikev2 # important The connection foo is established without problems, however, since pluto could not be started, ipsec_starter takes the opportunity to send a stroke to charon too. ipsec_starter[4376]: can't execv(/usr/lib/ipsec/pluto,...): No such file or directory ipsec_starter[3411]: pluto has died -- restart scheduled (5sec) ipsec_starter[3411]: pluto refused to be started charon: 09[CFG] received stroke: add connection 'foo' Subsequently, charon establishes new CHILD_SAs every 5 seconds, leading to 12:56 s96:/var/log # ipsec status Security Associations: foo[1]: ESTABLISHED 7 minutes ago, 192.168.100.40[C=DE...]...81.1.2.3[C=DE...] foo{1}: INSTALLED, TUNNEL, ESP SPIs: c989a12a_i c7d7b658_o foo{1}: 1.0.0.2/32 === 81.20.113.211/32 foo{2}: INSTALLED, TUNNEL, ESP SPIs: cac8e0a3_i c509a7b2_o foo{2}: 1.0.0.2/32 === 81.20.113.211/32 foo{3}: INSTALLED, TUNNEL, ESP SPIs: cc6f99a6_i c3a94262_o foo{3}: 1.0.0.2/32 === 81.20.113.211/32 foo{4}: INSTALLED, TUNNEL, ESP SPIs: ca73305e_i cee7e1cf_o foo{4}: 1.0.0.2/32 === 81.20.113.211/32 foo{5}: INSTALLED, TUNNEL, ESP SPIs: c3ec46e1_i ca995d15_o foo{5}: 1.0.0.2/32 === 81.20.113.211/32 ... _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users