Hi Volodymyr,

> thanks a lot, it works. It is worth saying that the timeout must be set to a
> reasonable value to allow Strongswan to finish the task. If set to -1 or
> a few milliseconds, it returns failure as well :)

If you are referring to the returned error "terminating SA failed", that's because with -1 (or a short timeout) the code doesn't wait until the termination is fully completed (a regular termination causes DELETEs to be sent, and until the peer either replies or there is a timeout after several retransmits, it is not complete). So you get that error because VICI doesn't know if the SA was actually terminated. The termination is still initiated unless you receive the error "no matching SAs to terminate found"; it just happens in the background.

If you don't want to wait and send retransmits for DELETEs, use the "force" option, optionally combined with a timeout, so the code waits for a reply to the DELETEs for a while and then destroys the SA even if none was received.

Regards,
Tobias
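The distinction described in the reply above, as an added example that is not part of the original message or of strongSwan's code: a client-side helper that builds a terminate request and classifies the reply so that "terminating SA failed" is treated as "initiated, outcome unknown" rather than as a hard failure. The function and enum names are hypothetical, the request keys (`ike`, `timeout` in milliseconds, `force`) and reply keys (`success`, `errmsg`) are assumed to follow the VICI protocol documentation, and the sample replies are constructed.

```python
from enum import Enum


class Outcome(Enum):
    TERMINATED = "terminated"    # daemon waited and confirmed the SA is gone
    IN_PROGRESS = "in-progress"  # DELETE initiated, completion not observed
    NO_MATCH = "no-match"        # nothing matched, so nothing was initiated
    FAILED = "failed"            # any other error


def _text(value):
    """VICI values arrive as bytes from some clients; normalise to str."""
    if isinstance(value, bytes):
        return value.decode("utf-8", "replace")
    return value or ""


def build_terminate(ike, timeout_ms=None, force=False):
    """Build the key/value section of a terminate request (assumed keys)."""
    msg = {"ike": ike}
    if timeout_ms is not None:
        msg["timeout"] = str(timeout_ms)  # -1 means: do not wait at all
    if force:
        msg["force"] = "yes"  # destroy the SA even if no DELETE reply arrives
    return msg


def classify(reply):
    """Map a terminate reply onto what the caller actually knows."""
    if _text(reply.get("success")) == "yes":
        return Outcome.TERMINATED
    err = _text(reply.get("errmsg"))
    if "no matching SAs to terminate found" in err:
        return Outcome.NO_MATCH
    if "terminating SA failed" in err:
        # Returned when the wait ended before the termination completed;
        # the termination continues in the background.
        return Outcome.IN_PROGRESS
    return Outcome.FAILED


if __name__ == "__main__":
    # Constructed replies, not captured from a real daemon.
    samples = [
        {"success": "yes"},
        {"success": "no", "errmsg": "terminating SA failed"},
        {"success": b"no", "errmsg": b"no matching SAs to terminate found"},
    ]
    print(build_terminate("gw", timeout_ms=5000, force=True))
    for reply in samples:
        print(reply, "->", classify(reply).value)
```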
