Hi Tobias, Thanks for your reply.
For the first Query in my previous mail, lets take a Scenario: 1. We provide an IpSec.conf to stack with a configuration that requires a Set of SAs to be established. 2. Now while establishing the SA, It is found that the destination is not reachable(or some other reason) and hence the SA cannot be established 3. Now in this case Stack shall Retry to establish the SA. lets Assume that stack fails to do so even after the maximum number of retransmissions. Now in this Scenario when the stack has exhausted the Max. No. of retries and the SA is still not established, How can we make the stack recover. i.e.when the problem is fixed(destination becomes reachable), how can we make the stack to retry SA establishment. Thanks and Regards Vivek. On 7/16/09, Tobias Brunner <tob...@strongswan.org> wrote: > Hi, > >> 1. I have a doubt that while establishing an SA, if a response from >> peer does not reach the stack then it will retransmit the request >> after a retransmission time out. If still the stack is not able to >> receive any response from the peer and the maximum number of >> retransmissions has been done (which is 5). Then what does the stack >> do in this scenario? > > The short answer is that the IKE SA gets destroyed [1]. Apart from that > it's not clear to me what you want to know. Could you be a bit more > specific? Thanks. > >> 2. How does the charon come to know about the ipsec configuration that >> starter has read from the ipsec.conf?I mean what is the communication >> link between starter and charon so that starter can tell charon about >> the ipsec configuration which it has read from ipsec.conf? > > Starter uses a tool called stroke [2] to communicate with charon's > stroke-plugin [3] via a UNIX socket. > Besides ipsec.conf charon can get its configuration also from other > backends such as an SQLite or MySQL database [4] or the OpenWrt UCI > interface [5]. > > Regards, > Tobias > > [1] > http://wiki.strongswan.org/repositories/entry/strongswan/src/charon/sa/task_manager.c#L214 > [2] > http://wiki.strongswan.org/repositories/changes/strongswan/src/stroke/stroke.c > [3] > http://wiki.strongswan.org/repositories/browse/strongswan/src/charon/plugins/stroke > [4] > http://wiki.strongswan.org/repositories/browse/strongswan/src/charon/plugins/sql > [5] > http://wiki.strongswan.org/repositories/browse/strongswan/src/charon/plugins/uci > > -- > ====================================================================== > Tobias Brunner tob...@strongswan.org > strongSwan - the Linux VPN Solution! http://www.strongswan.org > ====================================================================== > _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
