Dear all:
I am writing to ask a question with strongswan 4.6.4 running in Linux
2.6.21.7. Following , I will describe the problem in detail:
firstly, there is abnormal printing in the message ,just like: ignoring IKE_SA
setup from 10.0.30.74, half open IKE_SA count of 2503 exceeds limit of
1000。Then I input a command ip –s xfrm policy,it show such information:
src 10.0.30.74/32 dst 10.7.0.0/17 uid 0
dir in action block index 1730496 priority 7999 share any flag
0x00000000
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2013-01-08 17:25:41 use –
I want to make sure whether the half open IKE_SA exceeding limit will lead to
xfrm policy appear such “action block” information? And I want to know whether
this is normal ?
Moreover, I have another problem .first,I established 10000 ipsec tunnels use a
instrument,then I stoped the instrument and many delete messge was found, at
last I restarted ipsec and then found that the xfrm modules still has many SA
and SP . I wonder whether this is normal?
Thank you for your attention to this letter .I am looking forward your reply。
Yous Anna.
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
