[ClusterLabs] Libreswan state machine
Ryszard Styczynski
rstyczynski at gmail.com
Thu Apr 8 03:38:15 EDT 2021
That's right. I just realised it. Apologies for the spam.
> On 8 Apr 2021, at 09:36, Reid Wahl <nwahl at redhat.com> wrote:
>
> Hi, Ryszard.
>
> I believe you may have mailed the wrong list by mistake, as your question doesn't appear related to the ClusterLabs project. Perhaps someone here might know though.
>
> On Thursday, April 8, 2021, Ryszard Styczynski <rstyczynski at gmail.com <mailto:rstyczynski at gmail.com>> wrote:
> > Hello,
> >
> > I'm looking for IPsec state machine implemented in Libreswan. I may guess how states are correlated, but having a state machine will give me a final answer.
> >
> > My current question is what is a next state after STATE_QUICK_R2? Should IPsec engine wait for rekeying? How long? How many times should repeat waiting step? Should go back to STATE_MAIN and delete SA? When?
> >
> > I currently see i my system that:
> > 1. STATE_QUICK_R2 may go to STATE_MAIN_R3, delete SA, and reestablish connection from Phase 1 - it happens after 15 seconds
> > 2. STATE_QUICK_R2 may go to STATE_QUICK_R1 and process rekeying - it happens when peer responds quicker than 15 seconds
> >
> > How to understand why sometimes SA is deleted (what causes 5 minutes line drop), and sometimes rekeying is completed? How to control time limits?
> >
> > Thanks,
> > Ryszard
> > _______________________________________________
> > Manage your subscription:
> > https://lists.clusterlabs.org/mailman/listinfo/users <https://lists.clusterlabs.org/mailman/listinfo/users>
> >
> > ClusterLabs home: https://www.clusterlabs.org/ <https://www.clusterlabs.org/>
> >
> >
>
> --
> Regards,
>
> Reid Wahl, RHCA
> Senior Software Maintenance Engineer, Red Hat
> CEE - Platform Support Delivery - ClusterHA
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20210408/ca091dbf/attachment.htm>
More information about the Users
mailing list