Hi Sajal, which strongSwan version are you using? We had some rekeying problems in the past, where multiple IKE and CHILD SAs were established over time. In newer version though, usually only one SA with a given traffic selector is installed or there might be at the most two IKE_SAs and corresponding CHILD_SAs if both sides initiate simultaneously with auto=start.
Regards Andreas On 06.12.2010 12:21, Sajal Malhotra wrote: > Hi, > > I am using Strongswan Charon (IKEv2) stack. Just wanted to know if there > is *any limit *that we can put on the number of CHILD SAs that can be > created using the *same Traffic Selectors.* > Actually I have a limited memory in my system and hence cannot afford to > have uncountable SAs being created with same TS. > > Also, what is the handling done by charon if the kernel returns failure > because it is unable to install SAD or SPD due to insufficient memory > space. > > Is there a way to stop charon from creating multiple CHILD SA with same TS > > Thanks and Regards > Sajal ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
