[Swan-dev] pluto: Always delete outbound SA with inbound SA

Paul Wouters paul at nohats.ca
Mon Apr 20 16:45:01 EEST 2015


On Mon, 20 Apr 2015, Herbert Xu wrote:

> On Fri, Apr 10, 2015 at 04:44:26PM +0800, Herbert Xu wrote:
>> Ever since install_inbound_ipsec_sa was changed to always install
>> the outbound SA before the inbound SA, I have been getting outbound
>> SAs left behind when a phase 2 negotiation fails.  This is because
>> pluto will try to delete only the inbound SA if the negotiation
>> isn't complete.
>
> Here is a resend since no one responded to the first email.

It's on my todo list. I am puzzled by your "Ever since
install_inbound_ipsec_sa was changed to always install
the outbound SA before the inbound SA", and wanted to track that
change down first to get more context. I'm thinking the most likely
candidate of this is the removal of the loopback code that did
horrible things like only install part of an SA to itself.

> BTW, do you guys have a public development git tree? The github
> tree seems to be infrequently pushed.

Work happens in private branches which are then merged into master and
pushed. But I will try to more regularly push master to github.

Thanks,

Paul

