Issue #1288

Updated by Tobias Brunner almost 5 years ago

Hi,
The config on the host is as below:
<pre>
#
# ipsec.conf
# FlexiPlatform: IPsec configuration file

config setup
        uniqueids=no
        charondebug="knl 2,enc 0,net 0,ike 2,cfg 2,mgr 2,chd 2"

conn %default
        auto=route
        keyexchange=ikev2
        reauth=no

ca RULEABC-01~VPNABC-1
        cacert="/etc/ipsec.d/cacerts/"

conn RULEABC-01~VPNABC-1
        rekeymargin=6
        rekeyfuzz=100%
        keyexchange=ikev1
        left=34.2.2.200
        right=34.2.2.10
        leftsubnet=34.2.2.0/24
        rightsubnet=34.2.2.0/24
        authby=rsasig
        leftcert="/etc/ipsec.d/certs/fpccert.pem"
        leftid=34.2.2.200
        rightid=%any
        ike=aes128-sha1-modp768!
        esp=aes128-sha1!
        type=tunnel
        ikelifetime=500s
        keylife=500s
        mobike=no
        auto=route
        reauth=no
</pre>

The peer is not up. When I execute the command "ping 34.2.2.101 -I 34.2.2.201", a special SAD entry appears as below:
<pre>
[root@24F-VFPC-002 ~]# ip xfrm state
src 34.2.2.200 dst 34.2.2.10
proto esp spi 0x00000000 reqid 1 mode tunnel
replay-window 0
sel src 34.2.2.201/32 dst 34.2.2.101/32 proto icmp type 8 code 0
</pre>

If I restart charon with the command "ipsec restart", the SAD entry is still there; however, after a while it disappears.
Is this SAD entry inserted by charon? If yes, which file and function in the source code is it mapped to? Thanks!

Heidi
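The entry shown above has `spi 0x00000000` and no keys, which distinguishes it from a negotiated SA. On Linux such an entry is a larval (acquire) state: the kernel creates it itself when a packet matches a trap policy (the policies charon installs for `auto=route`) and no SA exists yet, sends an acquire to the IKE daemon, and removes the entry after `net.core.xfrm_acq_expires` seconds (default 30) if no SA has been negotiated by then. The script below, an added example that is not part of the issue or of strongSwan, parses `ip xfrm state` output and flags those larval entries so a stuck acquire can be told apart from a real SA. The first record is the one from the issue; the second, established record is constructed for illustration, with dummy key material.

```python
"""Parse `ip xfrm state` output and flag kernel acquire (larval) states.

Added example, not code from the issue or from strongSwan.  A record with
`spi 0x00000000` is not an SA installed by charon: it is the placeholder
state the Linux kernel creates when traffic hits a trap policy (auto=route)
and no SA exists yet.  The kernel keeps it while the acquire is pending and
deletes it after net.core.xfrm_acq_expires seconds (default 30).
"""
import re
import subprocess

# Constructed sample: first record copied from the issue, second record is a
# made-up established SA with dummy keys so both kinds of entry are present.
SAMPLE_OUTPUT = """\
src 34.2.2.200 dst 34.2.2.10
\tproto esp spi 0x00000000 reqid 1 mode tunnel
\treplay-window 0
\tsel src 34.2.2.201/32 dst 34.2.2.101/32 proto icmp type 8 code 0
src 34.2.2.10 dst 34.2.2.200
\tproto esp spi 0xc1b2d3e4 reqid 1 mode tunnel
\treplay-window 32
\tauth-trunc hmac(sha1) 0x0102030405060708090a0b0c0d0e0f1011121314 96
\tenc cbc(aes) 0x000102030405060708090a0b0c0d0e0f
\tsel src 34.2.2.0/24 dst 34.2.2.0/24
"""

HEADER_RE = re.compile(r"src (\S+) dst (\S+)")
PROTO_RE = re.compile(r"proto (\S+) spi (0x[0-9a-fA-F]+) reqid (\d+) mode (\S+)")


def parse_xfrm_state(text):
    """Return one dict per state record in `ip xfrm state` output."""
    states = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("src "):
            # A new record starts with the unindented "src ... dst ..." line.
            m = HEADER_RE.match(line)
            cur = {"src": m.group(1), "dst": m.group(2), "proto": None,
                   "spi": None, "reqid": None, "mode": None, "sel": None}
            states.append(cur)
        elif cur is None:
            continue
        elif line.startswith("proto "):
            m = PROTO_RE.match(line)
            if m:
                cur["proto"] = m.group(1)
                cur["spi"] = int(m.group(2), 16)
                cur["reqid"] = int(m.group(3))
                cur["mode"] = m.group(4)
        elif line.startswith("sel "):
            # Selector the kernel attached; for a larval state it is the
            # exact flow that triggered the acquire (here: one ICMP echo).
            cur["sel"] = line[len("sel "):]
    return states


def acquire_states(states):
    """Larval states: SPI 0 means the kernel is still waiting for an SA."""
    return [s for s in states if s["spi"] == 0]


def describe(state):
    """Short human-readable classification of one record."""
    if state["spi"] == 0:
        return "acquire pending (larval state, no SA yet)"
    return "established SA"


def summarize(text):
    """Return (total records, larval records) for a dump."""
    states = parse_xfrm_state(text)
    return len(states), len(acquire_states(states))


def report(text):
    """Build one line per record, useful when diagnosing a stuck acquire."""
    lines = []
    for s in parse_xfrm_state(text):
        lines.append("%s -> %s reqid=%s spi=0x%08x: %s [sel %s]" % (
            s["src"], s["dst"], s["reqid"], s["spi"], describe(s), s["sel"]))
    return lines


if __name__ == "__main__":
    # Use the live kernel dump when available, otherwise the constructed sample.
    try:
        dump = subprocess.run(["ip", "xfrm", "state"], check=True,
                              capture_output=True, text=True).stdout or SAMPLE_OUTPUT
    except (OSError, subprocess.CalledProcessError):
        dump = SAMPLE_OUTPUT
    for line in report(dump):
        print(line)
```

If a larval entry keeps reappearing for the same selector, the trap policy is working but the acquire is not being answered with an SA; the charon log at the `knl` and `ike` levels already enabled in the configuration above shows whether the acquire was received and whether the IKE exchange it triggered failed.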