Hi:

We have found a message sequencing error scenario which yields
unexpected/undesirable behavior:

1. An established IKE_SA has an established CHILD_SA, with a non-strongSwan
gateway.
2. During rekeying, at the point there are two established CHILD_SAs, the
old and the new CHILD_SAs, a request is received from the peer to DELETE the
IKE_SA.
3. Our strongSwan is configured to automatically restart.
4. It dutifully restarts the IKE_SA and CHILD_SAs that currently exist, even
though the old one is an artifact of an incomplete rekey sequence.

Do you agree this is an issue?


Some thoughts on fixing it:

Inspiration comes from a fix for a similar issue:

http://wiki.strongswan.org/projects/strongswan/repository/revisions/2f57e6da
0e83a3e64e36dd2559b2579b9b1e32a2 

Where a CHILD_SA's close action was "adjusted" so that it is not recreated
upon restart.  

In our error scenario, could this same technique be used on the "Old" SA
(the one being rekeyed) to prevent a restart action on it?

That is when a new SA is created for a policy, the old SA's action (for the
same policy) would be set to "NONE".

What do you think?

Thanks,
Stephen


_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to