Comments (3)

Thermi commented on May 20, 2024

> Note it is not convenient to use {start,dpd,close}_action = trap to delay IKE SA renegotiation, as it is less reliable (contrary to the documentation!) than {start,dpd,close}_action

That is wrong. Using "start" does not renegotiate the CHILD_SA if it is explicitly closed by any of the peers and none of the peers negotiate a new one.

from strongswan.

kouli commented on May 20, 2024

> That is wrong. Using "start" does not renegotiate the CHILD_SA if it is explicitly closed by any of the peers and none of the peers negotiate a new one.

Fortunately not. I have tested it quite extensively before creating this feature request (strongSwan 5.9.1). Combination of {start,dpd,close}_action = start, or probably at least close_action = start, ensures immediate IKE SA and child SA renegotiation if the opposite peer closes child or even IKE SA cleanly (e.g. swanctl -t -{c|i} ... or clean strongSwan shutdown). And with keyingtries = 0, it repeats the renegotiation until it succeeds. Without this being true, I would have created a more important feature request :-)

I have been using {start,dpd,close}_action = trap exclusively for a long time, trusting the note in the documentation. But if you have a device behind NAT and only want to make it remotely accessible via an IPsec tunnel, I believe {start,dpd,close}_action = start to be the only solution: such a device never sends a packet to the tunnel just on its own behalf (which would trigger the trap policy).

Thermi commented on May 20, 2024

Okay, sure, we can implement that. But it costs much more money to implement that than to just eat up the carrier charges, or optimize that first.
