Simon T
2018-11-08 15:38:09 UTC
Hi,
Running the below command on a tunnel where the other endpoint isn't
responding results in an explosion of CHILD_CREATE tasks.
    while true; do ipsec stroke up-nb tun; done
Leave the command running for a couple hours, ipsec statusall is full
of CHILD_CREATEs. Is there a way to prevent strongSwan from creating
new CHILD_CREATE tasks if the task already exists for the tunnel?
With tunnel config:
conn tun
    ikelifetime=14400s
    keylife=10800s
    rekeymargin=600s
    keyingtries=%forever
    keyexchange=ikev2
    authby=secret
    ike=aes256-sha256-modp1536!
    esp=aes256-sha256-modp1536!
    auto=start
    forceencaps=no
    left=10.0.0.1
    leftfirewall=no
    leftid=
    leftsubnet=192.168.38.0/24
    rekeymargin=600s
    right=1.1.1.1
    rightfirewall=no
    rightid=
    rightsubnet=192.168.100.0/24
Regards,
Simon