[Openswan Users] "Delete SA payload" killing tunnel

Matthew Claridge mclaridge at rwa-net.co.uk
Wed Oct 13 11:44:16 CEST 2004


I've got a working Openswan tunnel to a Cisco VPN 3000. Everything is 
fine most of the time - SAs are replaced periodically and the tunnel 
stays up.

However, the Cisco box is sending regular "Delete SA" payloads, which 
causes Openswan to delete its ISAKMP SA. This kills the tunnel and the 
only way to bring it back up is to restart ipsec completely.

Is there any way I can make Openswan ignore these payloads? I don't see 
any need for them as the SAs are being regularly deleted anyway and 
replaced with new ones. Is this an Openswan bug or an incompatibility 
issue or something else?


