[Swan-dev] [Swan] Frequent Crashing with libreswan 3.10/pluto

Paul Wouters paul at nohats.ca
Tue Oct 14 20:08:15 EEST 2014


On Tue, 14 Oct 2014, Reuben Farrelly wrote:

>>> Start libreswan - IPSec negotiates and comes up successfully
>>> Reset interface on router so that 4G link gets a new IP address
>>> IPSec attempts to re-establish and fails
>> 
>> This should have been caught by the uniqueid code... Interesting.
>
> FWIW a full reload of the IOS router also triggers this problem, not just a 
> change in IP.

I managed to reproduce this with IKEv2 in test case ikev2-27-uniqueid.

The case where it does not change IP worked fine for me. In my test case
I use:

ipsec auto --up road-eastnet-ikev2
# change ip to a new one and restart pluto
ip addr del 192.1.3.33/24 dev eth1
ip addr add 192.1.3.34/24 dev eth1
ip route add 0.0.0.0/0 via 192.1.3.254 dev eth1
kill -9 `cat /var/run/pluto/pluto.pid`
ipsec setup restart
/testing/pluto/bin/wait-until-pluto-started
ipsec auto --add road-eastnet-ikev2
ipsec auto --up road-eastnet-ikev2

There is no bug when the 3 ip lines are commented out.

With the ip lines enabled, it shows the problem of "route already in use" only when IKEv2 is used.

Paul

