Hi Martin, Thank you for your response. What are the pro's and con's of introducing such immediate delete of IKE_SA?
On Mon, Jul 21, 2014 at 3:24 PM, Martin Willi <[email protected]> wrote: > Hi, > > > Is there any other way to administratively shutdown the connection > > using IKE_DELETE, overriding the dpd re-transmission task? > > "ipsec down" tries to gracefully close the tunnel, sending a DELETE > message. As there is a DPD exchange in progress, with IKEv2 and a window > size == 1, that message has to be queued. > > One could just remove the IKE_SA state without notification, but this is > not what "ipsec down" does. Unfortunately, there is currently no > mechanism to immediately delete such an IKE_SA. > > Regards > Martin > > -- Regards Nanduâ„¢
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
