Hi Martin,
Martin Willi wrote:
> Hi Christophe,
>
>> The stroke down tunnel1{*} command would be of great help. When deleting
>> a connection, I want to remove all CHILD_SAs with that name, and this
>> command would do the job.
>>
> I've implemented this functionality, changeset [1].
>

Hi Christophe,

> The stroke down tunnel1{*} command would be of great help. When deleting
> a connection, I want to remove all CHILD_SAs with that name, and this
> command would do the job.

I've implemented this functionality, changeset [1].

> When deleting a connection, I would like a cleanup

Hi Martin,
Martin Willi wrote:
> Hi,
>> the connection is actually deleted in charon, but the
>> derived IKE_SA and CHILD_SAs remain.
>
> Yes, we currently do not terminate already established connections, but
> remove the configuration from the daemon. This is "by design".
>
>> More complex situ

Hi,

> the connection is actually deleted in charon, but the
> derived IKE_SA and CHILD_SAs remain.

Yes, we currently do not terminate already established connections, but
remove the configuration from the daemon. This is "by design".

> More complex situation may happen, where several CHILD_SAs

Hi,
While trying to use the "ipsec update" function to update the charon
configuration, I noticed that when deleting a connection from the
ipsec.conf file, the connection is actually deleted in charon, but the
derived IKE_SA and CHILD_SAs remain.
This means that IPsec SAs and SPs remain in kern