Issue #2119: Sending delete message when child SA failure - strongSwan

Issue #2119

Sending delete message when child SA failure

Added by Jeonghoon Lee almost 6 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tobias Brunner

Category:

configuration

Affected version:

5.1.2

Resolution:

No feedback

Description

Hi,

This is no big deal, but it looks that Strongswan does NOT send delete message in case of that creating the Child SA during the IKE_AUTH exchange fails for some reason like INTERNAL_ADDRESS_FAILURE.

Thanks,
Jeonghoon.

History

#1 Updated by Tobias Brunner almost 6 years ago

Status changed from New to Feedback

This is no big deal, but it looks that Strongswan does NOT send delete message in case of that creating the Child SA during the IKE_AUTH exchange fails for some reason like INTERNAL_ADDRESS_FAILURE.

As is logged (failed to establish CHILD_SA, keeping IKE_SA), the IKE_SA is kept, by default, if creating the CHILD_SA fails. If you don't want that you may enable charon.close_ike_on_child_failure in strongswan.conf.

#2 Updated by Tobias Brunner over 5 years ago

Category set to configuration
Status changed from Feedback to Closed
Assignee set to Tobias Brunner
Resolution set to No feedback

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

Issue #2119

Sending delete message when child SA failure

History

#1 Updated by Tobias Brunner almost 6 years ago

#2 Updated by Tobias Brunner over 5 years ago