Re: [Ipsec-tools-devel] How to to drop tunnels without killing everybody ?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Aarh also :
When I do=20

"echo delete A.B.C.D I.F.G.H esp 124571628 | setkey -c "

I get that in the logs:

racoon: INFO: unsupported PF_KEY message REGISTER

And the SA does not end, so what ?

Wilfried

Wilfried Barnavon (PERSO) a =E9crit :
> Hello Yvan
>
> VANHULLEBUS Yvan a =E9crit :
>  =20
>> What do you mean exactly by "drop" ?
>> Just removing SAs, or completly disable the tunnel ?
>>
>> In the first case, you can just try to delete the SAs directly by
>> using setkey, but that won't send DELETE-SAs to the peer.
>>
>>  =20
>>    =20
> Well. I can set the SA down with the "delete" command of setkey. I just=
=20
> need to get the SPI. That's true ?
>
>  =20
>> In the second case, you can use the config reload function, but you'll
>> need to use HEAD version to have it, or wait for the 0.7 branch.
>>  =20
>>    =20
> Arrh ... what is HEAD version ? how to get it ?
>
>  =20
>> Are you talking about the conf reload mode, or about the "purge SAs"
>> in the monitor ?
>>
>>  =20
>>    =20
> I can have to purge a SA from a freezed peer, in this case I need to=20
> purge the SA. But if I have to test a config, I can need to reload=20
> config of racoon without dropping any other tunnel.
>  =20
>> I reported the first one to HEAD (so it will be included in 0.7.x),
>> but the second uses a custom PFKey message, which is not (yet ?)
>> public (as I didn't expect other people would need it), which is
>> mainly a kernel patch.
>>
>>  =20
>>    =20
> Where can I get such a kernel patch ?
> Do you know when the 0.7 mainline stream will be out ?
> Thanks for your answers
>
> Wilfried
>  =20
>> Yvan.
>>
>>  =20
>>    =20
>
>
> -----------------------------------------------------------------------=
--
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share=
 your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D=
DEVDEV
> _______________________________________________
> Ipsec-tools-devel mailing list
> Ips...@li...
> https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
>  =20