> This prevents the run of the updown scripts when the delete is executed.
I don't think this will work correctly. The updown script will run for the newly established CHILD_SAs, but then not for the deleted ones. So if the script does e.g. add firewall rules for every established SA these won't all get removed if e.g. make-before-break reauthentication is used. You might better implement some kind of refcounting in your script so that it works with overlapping, duplicate CHILD_SAs. Regards, Tobias _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
