Hi, > Is there any other way to administratively shutdown the connection > using IKE_DELETE, overriding the dpd re-transmission task?
"ipsec down" tries to gracefully close the tunnel, sending a DELETE message. As there is a DPD exchange in progress, with IKEv2 and a window size == 1, that message has to be queued. One could just remove the IKE_SA state without notification, but this is not what "ipsec down" does. Unfortunately, there is currently no mechanism to immediately delete such an IKE_SA. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
