Issue #3097

charon restart behaviour

Added by Krishnamurthy Daulatabad over 1 year ago. Updated over 1 year ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: charon
Affected version: 5.7.2
Resolution: -

Description

This is a query regarding charon restart behaviour while running as a responder. The scenario is as follows:
- IPsec SA established between initiator and responder
- both initiator and responder are exchanging DPD INFORMATIONAL messages
- Responder system crashes, restarts, and the charon daemon is restarted.
- Initiator is in the DPD detection phase.
- The new charon daemon on the responder receives DPD INFORMATIONAL messages from the initiator and, it looks like, ignores them
- The SA (data path) is dead until the initiator completes the DPD phase and initiates a new SA request.

So my question is
- Is there any way for the responder to trigger the "connection close" (after it restarts) when it receives a DPD INFORMATIONAL request from the initiator?

History

#1 Updated by Tobias Brunner over 1 year ago

  • Status changed from New to Feedback

- Is there any way for the responder to trigger the "connection close" (after it restarts) when it receives a DPD INFORMATIONAL request from the initiator?

No, it doesn't know anything about the previous SAs (SPIs, key material etc.). And strongSwan doesn't return unencrypted INFORMATIONALs with INVALID_SPI notifies (which initiators would also have to handle somehow). It currently also doesn't support RFC 6290 or RFC 5723 (again, initiators would have to support these too).
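To make the outage window in this scenario concrete, here is a small added simulation (not strongSwan code, and not from the reporter) of the exchange described above: the initiator keeps sending DPD INFORMATIONAL requests on the old IKE SA, the restarted responder has no SA for those SPIs and silently drops them, and the initiator only gives up once its retransmission schedule is exhausted. The retransmission constants are the documented charon.conf defaults (retransmit_timeout 4.0, retransmit_base 1.8, retransmit_tries 5); the SPIs, the 30 s DPD interval and the in-memory SA table are constructed for the model.

```python
"""Model of the issue scenario: an IKEv2 initiator running DPD against a
responder that crashes, restarts and comes back with no IKE SA state.

Added example, not strongSwan code. Retransmission constants are the documented
charon.conf defaults; SPIs, DPD interval and the SA table are constructed.
"""
from dataclasses import dataclass, field

RETRANSMIT_TIMEOUT = 4.0   # charon.retransmit_timeout default (seconds)
RETRANSMIT_BASE = 1.8      # charon.retransmit_base default
RETRANSMIT_TRIES = 5       # charon.retransmit_tries default

SPI_I = 0x1111111111111111  # constructed initiator SPI
SPI_R = 0x2222222222222222  # constructed responder SPI


def retransmit_schedule(timeout=RETRANSMIT_TIMEOUT, base=RETRANSMIT_BASE,
                        tries=RETRANSMIT_TRIES):
    """Seconds to wait after the first send and after each of `tries` retransmits.

    With the defaults: 4, 7.2, 12.96, 23.33, 41.99, 75.58 s. Their sum (about
    165 s) is how long one unanswered request takes to kill the IKE SA.
    """
    return [timeout * base ** i for i in range(tries + 1)]


@dataclass
class Responder:
    """Responder whose IKE SA table lives only in memory (constructed model)."""
    crash_at: float
    ike_sas: dict = field(default_factory=dict)
    restarted: bool = False

    def receive(self, now, spi_i, spi_r, message_id):
        if now >= self.crash_at and not self.restarted:
            self.ike_sas.clear()      # crash + restart: SPIs and keys are gone
            self.restarted = True
        if (spi_i, spi_r) not in self.ike_sas:
            # No SA for these SPIs, so the message cannot even be decrypted;
            # charon drops it instead of sending an unauthenticated INVALID_SPI.
            return None
        return ("DPD_RESPONSE", message_id)


def simulate(crash_at, dpd_delay=30.0, schedule=None, max_time=3600.0):
    """Run DPD from the initiator's side.

    Returns (time the IKE SA is declared dead, event log), or (None, log) if
    the responder keeps answering until max_time.
    """
    schedule = schedule or retransmit_schedule()
    responder = Responder(crash_at=crash_at,
                          ike_sas={(SPI_I, SPI_R): "ESTABLISHED"})
    log = []
    now = dpd_delay          # first DPD request after one idle interval
    message_id = 1
    while now < max_time:
        answered = False
        for attempt, wait in enumerate(schedule):
            log.append((now, f"initiator -> DPD request mid={message_id} attempt={attempt}"))
            reply = responder.receive(now, SPI_I, SPI_R, message_id)
            if reply is not None:
                log.append((now, f"responder -> DPD response mid={message_id}"))
                answered = True
                break
            log.append((now, "responder: unknown IKE SA, message dropped"))
            now += wait      # retransmit timer, or the final give-up timeout
        if not answered:
            log.append((now, "initiator: peer dead, IKE SA deleted, new IKE_SA_INIT"))
            return now, log
        message_id += 1
        now += dpd_delay
    return None, log


if __name__ == "__main__":
    dead_at, log = simulate(crash_at=45.0, dpd_delay=30.0)
    for t, event in log:
        print(f"{t:8.2f}s  {event}")
    print(f"data path dead from 45.00s until {dead_at:.2f}s "
          f"({dead_at - 45.0:.1f}s outage)")
```

With the defaults, a responder crash at 45 s is only acted on by the initiator at about 225 s, so the tunnel is dark for roughly three minutes. Passing a shorter `retransmit_schedule(tries=3)` cuts that to about 107 s, at the cost of tearing down healthy SAs more readily on lossy links; the restarted responder itself cannot shorten the window without a mechanism like RFC 6290 that both sides support.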

#2 Updated by Krishnamurthy Daulatabad over 1 year ago

Thanks for the quick response. Is there any plan to implement RFC 6290 anytime soon?

#3 Updated by Tobias Brunner over 1 year ago

Is there any plan to implement RFC 6290 anytime soon?

Not at this moment.
