Hi, > I am getting the following warning/error message while trying to > simulate the Half open tunnel scenrios.
> 15[NET] ignoring IKE_SA setup from 40.40.40.41, peer too aggressive > Anyone help the reason for this message? The peer at 40.40.40.41 has too many IKE_SAs in half open state, i.e. is simultaneously establishing IKE_SAs before it completed them. This limit defaults to 5 SAs, and can be changed with the charon.block_threshold strongswan.conf option. If you are trying to trigger COOKIE messages, you'll have to send the IKE_SA_INIT messages from many different source addresses: COOKIE messages just verify the senders IP address. Once this has been done, a second check verifies that a single (verified) IP address does not initiate more than a certain number of connections at the same time. Regards Martin _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
