[ClusterLabs] Libreswan state machine

Reid Wahl nwahl at redhat.com
Thu Apr 8 03:36:54 EDT 2021

Hi, Ryszard.

I believe you may have mailed the wrong list by mistake, as your question
doesn't appear related to the ClusterLabs project. Perhaps someone here
might know though.

On Thursday, April 8, 2021, Ryszard Styczynski <rstyczynski at gmail.com>
> Hello,
> I'm looking for IPsec state machine implemented in Libreswan. I may guess
how states are correlated, but having a state machine will give me a final
> My current question is what is a next state after STATE_QUICK_R2? Should
IPsec engine wait for rekeying? How long? How many times should repeat
waiting step? Should go back to STATE_MAIN and delete SA? When?
> I currently see i my system that:
> 1. STATE_QUICK_R2 may go to STATE_MAIN_R3, delete SA, and reestablish
connection from Phase 1 - it happens after 15 seconds
> 2. STATE_QUICK_R2 may go to STATE_QUICK_R1 and process rekeying - it
happens when peer responds quicker than 15 seconds
> How to understand why sometimes SA is deleted (what causes 5 minutes line
drop), and sometimes rekeying is completed? How to control time limits?
> Thanks,
> Ryszard
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
> ClusterLabs home: https://www.clusterlabs.org/


Reid Wahl, RHCA
Senior Software Maintenance Engineer, Red Hat
CEE - Platform Support Delivery - ClusterHA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20210408/063008ac/attachment.htm>

More information about the Users mailing list