Ok, I figured it out:
1) the connections have to be initiated from Host A (which also creates
connections in CONNECTING state on Host B)
2) I had to lower charon.cookie_threshold below 5 (which is the default
of charon.block_threshold) on Host B
On 02.06.2016 15:02, Thomas Oberhammer wrote:
Hi
I am trying to reproduce a situation where the responder sends a
COOKIE message.
I have a setup with two strongSwan hosts: On host A, I added a
firewall rule that blocks all 500/udp from host B.
When I run 'ipsec up <connection to A>' on host B multiple times, I
have many connections in CONNECTING state.
My expectation was that when I remove the firewall rule and initiate a
connection from A, B would reply with a COOKIE message due to the many
half open tunnels, but apparently it does not.
Can you please describe how I can force B to send COOKIE messages?
Best regards
Thomas
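
Why the second finding holds when every half-open IKE_SA comes from a single peer, as an added example that is not part of the original thread and is not strongSwan code: a simplified Python model in which block_threshold caps half-open IKE_SAs per source IP and cookie_threshold counts them across all sources. The function name, the addresses, the cookie_threshold value of 10, and the exact comparison and ordering of the two checks are assumptions of the model.

```python
"""Simplified model (added example) of a responder's half-open IKE_SA limits."""
from collections import Counter


def simulate(sources, cookie_threshold, block_threshold):
    """Feed cookie-less IKE_SA_INIT requests that never complete to a responder.

    Returns one decision per request: "accept", "cookie" or "block".
    Assumptions of this model, not taken from charon's source: both limits
    trigger with >=, a value of 0 disables a limit, and the cookie check
    runs before the per-peer block check.
    """
    half_open = Counter()  # half-open IKE_SAs per source IP
    decisions = []
    for src in sources:
        total = sum(half_open.values())
        if cookie_threshold and total >= cookie_threshold:
            decisions.append("cookie")  # stateless COOKIE reply, no IKE_SA created
        elif block_threshold and half_open[src] >= block_threshold:
            decisions.append("block")   # request dropped, peer has too many half-open
        else:
            half_open[src] += 1         # IKE_SA stays half-open (CONNECTING)
            decisions.append("accept")
    return decisions


HOST_A = "192.0.2.1"  # constructed address standing in for Host A
MANY_PEERS = ["198.51.100.%d" % i for i in range(1, 13)]  # constructed peers

if __name__ == "__main__":
    # 5 is the block_threshold default named in the thread; 10 is a
    # constructed cookie_threshold above it, 4 a constructed value below it.
    for cookie_threshold in (10, 4):
        print("single peer, cookie_threshold=%d:" % cookie_threshold,
              simulate([HOST_A] * 8, cookie_threshold, 5))
    print("many peers, cookie_threshold=10:", simulate(MANY_PEERS, 10, 5))
```

With one initiating host the per-peer limit is reached first, so the total never climbs to a cookie_threshold set above it; only a lower cookie_threshold, or half-open IKE_SAs spread over several source addresses, reaches the COOKIE branch.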