[Openswan Users] Duplicate ESP SAs being created
Mike Horn
lists at caddisconsulting.com
Fri Feb 2 17:03:09 EST 2007
I guess what I'm wondering is why the system retains the duplicate ESP SA in
the SADB; I thought it would delete the old SA once the new SA was
established and became active. This is a similar situation to rekeying an
existing SA, where for a period of time there are two SAs, but once the new
SA becomes active the old SA is deleted.
Could this be a bug in NETKEY?
-mike
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Friday, February 02, 2007 12:54 PM
> To: Mike Horn
> Cc: Users at openswan.org
> Subject: RE: [Openswan Users] Duplicate ESP SAs being created
>
> On Fri, 2 Feb 2007, Mike Horn wrote:
>
> > Thanks Paul. I haven't seen this issue in other IPsec devices, is
> > there any way to delete the first set of SAs (since they won't be used)
> > once the second set has been negotiated?
>
> I assume that when you send a DELETE command, the other end,
> having auto=start, will start its own new connection again,
> and you re-state the problem.
>
> Paul
>
>