[Openswan Users] what happens during /etc/init.d/ipsec stop ?
Paul Wouters
paul at xelerance.com
Wed Dec 1 11:39:24 CET 2004
On Wed, 1 Dec 2004, albert agusti wrote:
> > the nat-t patch as supplied by us (or obtained by 'make nattpatch' is only
> > for use with KLIPS, not for use of the 2.6 NETKEY stack.
>
> I used a patch provided after asking for a rekey problem in this list
> and the fact is that it solved the rekey problem perfectly
We are talking about different things then. Ok.
> > If you stop one end, a Notify/Delete message is sent by that end. Do
> > you receive that on the remote? Is it ignored?
>
> It's received and the SA information is removed from the host. If I do a
> ipsec auto --status, the perception of the Ipsec gateway is clean (no
> ISAKMP SA or Ipsec SA are shown). The status of the route is in
> "prospective erouted" and show eroute pointing to #n. Not sure if this
> is what should be.
There should be no corresponding eroute entry after a delete notify has
been processed.
> > Can you try 2.3.0dr4 and see if the problem remains?
>
> I'll do and I'll report to you, but do you thinking is possibly solved
> because some modifications in sensible code have been done ?
I am not if the code was sensible, but there have been a lot of changes :)
Paul
More information about the Users
mailing list