Hi Noel, So lets say a SAs have been established between two hosts and they are able to ping one another. Then charon crashes on one of the hosts, now when this happens shouldn't the two hosts continue to communicate using the previously established SAs until they expire? My aim is to have zero downtime restarts.
Ahmad On Sat, Aug 8, 2015 at 9:13 AM, Noel Kuntze <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hello Mohammed, > > That is the correct behaviour. IKE is used to manage the SAs. If a peer closes > an IKE_SA without transitioning them to another IKE_SA, they get deleted. > You can not change this behaviour. You always need to run an IKE_SA > for a pair of SAs. You can also run several pairs of SAs under one IKE_SA. > close_action affects IKEv1 and IKEv2, but it probably does something > completely > different than you think it does. The documentation explains it all. > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > Am 08.08.2015 um 03:45 schrieb Mohammad Ahmad: >> Hi, >> >> When I exit charon, the negotiated SAs get deleted. This is not what I want. >> >> I am running only charon from /usr/libexec/charon. I use IKEv1 and >> communicate to charon using the vici plugin. close_action is set to >> none but as I understand it, close_action only affects ikev2. >> >> Ahmad >> >> On Wed, Aug 5, 2015 at 2:14 AM, Tobias Brunner <[email protected]> wrote: >>> Hi Ahmad, >>> >>>> Is there anyway I can set installpolicy=false using vici or even >>>> strongswan.conf? I am using strongswan.conf to load the plugins and >>>> using vici to load connections. >>> >>> The patch at [1] adds this feature. Let me know if it works for you. >>> >>> Regards, >>> Tobias >>> >>> [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=a036bae6 >>> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJVxiqXAAoJEDg5KY9j7GZYaYoP/2JiaQ35ov2ptKFLbN+wmpUM > k1REHmENNwvgypIChYD0Mq9VMPpRdMgPV5Y9MpyZ/fmKBIDlqWTgcQG1j0s7I/YJ > hpYANqZrcLXD4qx6vmyj/7mcgYhnmbHGXaELoA8ST6RfNej5/Ek+yCPwe/IbV+OJ > 072MuXmt6W+4pLcWBj8iOWK6Gf94rwNJ0JVKlIfDFxICNoVeGidsKyPr1NkEk1Bt > mCZDhJzKaFNT/WGLDEol2t3Y8XdIuf2LnSLg3PAwNwVqQdYxr/r3H7KSAZYXz0Ou > xtmMtYxSjzg+2H81gp7SIM6BkqJPtLp0CLB7Ed4eX1Ylr2De54Pw6fAVb7IBM3We > HalwNivGSsqribxhXAW/DGEfJCcEZjOWjUOSJ6lpAl/v4mHS3FLiuE7rGXASrURo > NwtwZI3YXTk4+4z0hkAIjyz+jt9Hrrze1hRKFNgQHdpez6d97lWXQ1Kqa3uBDMIK > n+QrzSk0RBEczmiCFhP3Nq8ioO9ibxDfctLFEqtF6ogXQY58sz/HTzBPG7NRABJz > 63VfoVyYcz/jG6gLJ6JdqnbwRhYcMZLQQV1ZKcAfi3IlyZ2tIWtlj50Oi5u4+E4f > aLkRhrI3f+tj3WfS+kD2DaMfbuBbUmCp1ZmWL2um40MRpvRxlSW13af5ZimolZ5c > kwPDd2M8wK3MMBSKS9Me > =VWX9 > -----END PGP SIGNATURE----- > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
