Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

Hi Anand, conn toevm2-psk ... auto=route The problem is the combination of auto=route and reauth=yes (which is the default). With reauth=yes the IKE_SA is not rekeyed but reauthenticated. This means that the IKE_SA is first deleted and then reestablished. During this (albeit

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

hangs after failing to delete Rekeyed IPsec SAs Hi Anand, conn toevm2-psk     ...     auto=route The problem is the combination of auto=route and reauth=yes (which is the default).  With reauth=yes the IKE_SA is not rekeyed but reauthenticated.  This means that the IKE_SA is first deleted

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

Cc: Tobias Brunner tob...@strongswan.org; users@lists.strongswan.org users@lists.strongswan.org Sent: Friday, March 23, 2012 7:16 PM Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs Hi Anand, wrt RFC 4306 Page 22:     If the two ends have the same lifetime policies

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

- From: Tobias Brunnertob...@strongswan.org To: anand raoanandrao...@yahoo.co.in Cc: users@lists.strongswan.orgusers@lists.strongswan.org Sent: Tuesday, March 20, 2012 2:25 PM Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs Hi Anand, On my environment

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

- From: Tobias Brunner tob...@strongswan.org To: anand rao anandrao...@yahoo.co.in Cc: users@lists.strongswan.org users@lists.strongswan.org Sent: Monday, March 19, 2012 9:17 PM Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs Hi Anand, conn %default

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

Hi Anand, On my environment there is no support for kernel-netlink interface for IPsec, I have to use kernel-pfkey interface only as I have my hooks registered in PFKEY to XFRM for IPsec. I have tried latest versions of strongswan (4.5.1 and 4.5.3) both resulted in kernel panic after

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

PM Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs Hi Anand, On my environment there is no support for kernel-netlink interface for IPsec, I have to use kernel-pfkey interface only as I have my hooks registered in PFKEY to XFRM for IPsec. I have tried

[strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

Hi, I am using strongswan 4.3.6 I have configured two peers to establish tunnel in tunnel mode. Here is configuration in  ipsec.conf  config setup     strictcrlpolicy=no     crlcheckinterval=180     plutostart=yes     charonstart=yes     nat_traversal=yes conn %default     ikelifetime=10m    

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

Hi Anand, conn %default ikelifetime=10m keylife=5m rekeymargin=3m Not sure what exactly the problem is but I suspect it might be related to the times you configured above (at least partially). Please have a look at the wiki page documenting how rekey times are calculated [1].