Also, Just to confirm/clarify: Do you mean to say that with the fix in the latest version:
- If we fire an "ipsec up" command for a connection multiple times, OR - If we fire "ipsec up" command for a connection that is already up (i.e SA for it is already established) Then Also only one SA will be installed. Correct ? If Yes, then i would really appreciate if you can point us to the piece of code which handles this fix Thanks and Regards Sajal On Tue, Dec 7, 2010 at 11:45 AM, Sajal Malhotra <[email protected]>wrote: > Hi Andreas, > > Thanks for the prompt response. > We are using a pretty old version 4.2.8 :( > Do you have any patch available for this fix. Or can you just hint us on > the source code files where we can look for the change. > It would be a great help. > > > Thanks and Regards > Sajal Malhotra > > > > On Mon, Dec 6, 2010 at 6:06 PM, Andreas Steffen < > [email protected]> wrote: > >> Hi Sajal, >> >> which strongSwan version are you using? We had some rekeying >> problems in the past, where multiple IKE and CHILD SAs were >> established over time. In newer version though, usually only >> one SA with a given traffic selector is installed or there >> might be at the most two IKE_SAs and corresponding CHILD_SAs >> if both sides initiate simultaneously with auto=start. >> >> Regards >> >> Andreas >> >> On 06.12.2010 12:21, Sajal Malhotra wrote: >> > Hi, >> > >> > I am using Strongswan Charon (IKEv2) stack. Just wanted to know if there >> > is *any limit *that we can put on the number of CHILD SAs that can be >> > created using the *same Traffic Selectors.* >> > Actually I have a limited memory in my system and hence cannot afford to >> > have uncountable SAs being created with same TS. >> > >> > Also, what is the handling done by charon if the kernel returns failure >> > because it is unable to install SAD or SPD due to insufficient memory >> > space. >> > >> > Is there a way to stop charon from creating multiple CHILD SA with same >> TS >> > >> > Thanks and Regards >> > Sajal >> >> ====================================================================== >> Andreas Steffen [email protected] >> strongSwan - the Linux VPN Solution! www.strongswan.org >> Institute for Internet Technologies and Applications >> University of Applied Sciences Rapperswil >> CH-8640 Rapperswil (Switzerland) >> ===========================================================[ITA-HSR]== >> > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
