Project

General

Profile

Issue #2119

Sending delete message when child SA failure

Added by Jeonghoon Lee almost 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
configuration
Affected version:
5.1.2
Resolution:
No feedback

Description

Hi,

This is no big deal, but it looks that Strongswan does NOT send delete message in case of that creating the Child SA during the IKE_AUTH exchange fails for some reason like INTERNAL_ADDRESS_FAILURE.

Thanks,
Jeonghoon.

History

#1 Updated by Tobias Brunner almost 6 years ago

  • Status changed from New to Feedback

This is no big deal, but it looks that Strongswan does NOT send delete message in case of that creating the Child SA during the IKE_AUTH exchange fails for some reason like INTERNAL_ADDRESS_FAILURE.

As is logged (failed to establish CHILD_SA, keeping IKE_SA), the IKE_SA is kept, by default, if creating the CHILD_SA fails. If you don't want that you may enable charon.close_ike_on_child_failure in strongswan.conf.

#2 Updated by Tobias Brunner over 5 years ago

  • Category set to configuration
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No feedback

Also available in: Atom PDF