[Openswan Users]
Re: [strongSwan] PROTO_IPSEC_ESP SA not found (maybe expired)
Andreas Steffen
andreas.steffen at strongsec.net
Fri Sep 3 15:06:33 CEST 2004
When an IPsec SA is about to expire *swan sends a delete SA notification
to the peer. Since the same IPsec SA is also about to expire on the
peer side, often the peer is a little faster and has already deleted
the IPsec SA itself. Thus when the delete SA message arrives, the IPsec SA
doesn't exist anymore and the warning below is issued in the log.
If you want to study the SA renewal and deletion mechanism in detail
you can do this by activating the following debug option
ipsec whack --debug-lifecycle
Regards
Andreas
mailinglists wrote:
> Hi
>
> sorry to crosspost this to two mailinglists.
> I get this error on both StrongSwan 2.2.0 and OpenSwan 2.1.5 on a
> vanilla kernel 2.6.8.1 box (Slackware 9.1):
>
> ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x25d1db74) not found
> (maybe expired)
>
> I get ping trough any tunnel but no other traffic.
>
> Thanks for any help
>
> Philipp
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
More information about the Users
mailing list