[Openswan Users] what happens during /etc/init.d/ipsec stop ?

Paul Wouters paul at xelerance.com
Wed Dec 1 11:39:24 CET 2004

On Wed, 1 Dec 2004, albert agusti wrote:

> > the nat-t patch as supplied by us (or obtained by 'make nattpatch' is only
> > for use with KLIPS, not for use of the 2.6 NETKEY stack.
> I used a patch provided after asking for a rekey problem in this list
> and the fact is that it solved the rekey problem perfectly

We are talking about different things then. Ok.
> > If you stop one end, a Notify/Delete message is sent by that end. Do
> > you receive that on the remote? Is it ignored?
> It's received and the SA information is removed from the host. If I do a
> ipsec auto --status, the perception of the Ipsec gateway is clean (no
> ISAKMP SA or Ipsec SA are shown). The status of the route is in
> "prospective erouted" and show eroute pointing to #n. Not sure if  this
> is what should be.

There should be no corresponding eroute entry after a delete notify has 
been processed.

> > Can you try 2.3.0dr4 and see if the problem remains?
> I'll do and I'll report to you, but do you thinking is possibly solved
> because some modifications in sensible code have been done ?

I am not if the code was sensible, but there have been a lot of changes :)


More information about the Users mailing list