Hi, > 1. I have a doubt that while establishing an SA, if a response from > peer does not reach the stack then it will retransmit the request > after a retransmission time out. If still the stack is not able to > receive any response from the peer and the maximum number of > retransmissions has been done (which is 5). Then what does the stack > do in this scenario?
The short answer is that the IKE SA gets destroyed [1]. Apart from that it's not clear to me what you want to know. Could you be a bit more specific? Thanks. > 2. How does the charon come to know about the ipsec configuration that > starter has read from the ipsec.conf?I mean what is the communication > link between starter and charon so that starter can tell charon about > the ipsec configuration which it has read from ipsec.conf? Starter uses a tool called stroke [2] to communicate with charon's stroke-plugin [3] via a UNIX socket. Besides ipsec.conf charon can get its configuration also from other backends such as an SQLite or MySQL database [4] or the OpenWrt UCI interface [5]. Regards, Tobias [1] http://wiki.strongswan.org/repositories/entry/strongswan/src/charon/sa/task_manager.c#L214 [2] http://wiki.strongswan.org/repositories/changes/strongswan/src/stroke/stroke.c [3] http://wiki.strongswan.org/repositories/browse/strongswan/src/charon/plugins/stroke [4] http://wiki.strongswan.org/repositories/browse/strongswan/src/charon/plugins/sql [5] http://wiki.strongswan.org/repositories/browse/strongswan/src/charon/plugins/uci -- ====================================================================== Tobias Brunner tob...@strongswan.org strongSwan - the Linux VPN Solution! http://www.strongswan.org ====================================================================== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users