[Swan] Routes dropping

Paul Wouters paul at nohats.ca
Tue Jun 20 12:59:52 UTC 2017 

Can you arrange for some logfiles I can have a look at?

Can you also try a 3.20rcX release candidate?

Sent from my iPhone

> On Jun 20, 2017, at 08:27, Bob Cribbs <bob.cribbs at policystat.com> wrote:
> 
> Hi,
> 
> Im experiencing a new problem with my upgrade process (3.12->3.20), this time it's the routes.
> 
> I have ~70 tunnels setup on my server.
> After ipsec is (re)started, all the routes come up.
> But then 1-2 minutes later, there are only a subset of those that are still up, ~10 of them. It's always the same 10 that are persisting.
> All the tunnels are still showing up as connected, including those that are now missing the routes.
> 
> Sending data through the tunnel, only works for those that have routes, for the other ones is timing out.
> 
> I tried downgrading from 3.20 -> 3.19 same problem.
> I tried downgrading further 3.19 -> 3.18. Routes seem to be persisting on 3.18.
> 
> I suspect there is a problem with encapsulation and NAT and keepalive.
> On 3.12 and 3.18, i used `forceencaps=yes`
> On 3.20 i tried `encapsulation=yes`, and `encapsulation=auto` routes are disconnecting with either of them.
> 
> ```
> conn customer
>         authby=secret
>         dpddelay=40
>         dpdtimeout=120
>         dpdaction=restart
>         auto=start
>         encapsulation=yes
>         pfs=yes
>         ike=aes256-sha1
>         phase2alg=aes256-sha1
>         left=%defaultroute
>         leftid=184.X.X.X
>         leftsourceip=184.X.X.X
>         leftsubnet=184.X.X.X/32
>         right=72.Y.Y.Y
>         rightid=72.Y.Y.Y
>         rightsubnet=10.B.B.B/32
> ```
> 
> Once the route disappears, it doesnt come back even if i try:
> ```
> $ sudo ipsec auto --down customer
> $ sudo ipsec auto --up customer
> ```
> 
> Am I missing some config to keep the route up on the 3.20 version?
> 
> Thank you.
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20170620/a47175df/attachment-0001.html>

More information about the Swan mailing list