I’m working on a custom plug-in which involves communicating tunnel state (SA’s and policies) to an external IPsec stack.
I’d like to implement a recovery mechanism such that if the external stack should restart, charon will simply flush all existing tunnel state. I have tried the following: charon->ike_sa_manager->flush(charon->ike_sa_manager); And this seems to flush out all existing SA’s and policies, which is what I want. Unfortunately, after I issue this call, I can no longer establish new tunnels to strongSwan (it receives IKE messages, but doesn’t seem to generate any responses). I then need to restart the process. Is there something else I need to flush in order to restore charon to a clean state? Or would just aborting the process and letting starter restart it be a better cleanup approach? Thanks! /Ry
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
