[Swan] Lost traffic in GRE tunnel (reassociation?)

Paul Wouters paul at nohats.ca
Mon Aug 27 02:31:48 UTC 2018


On Thu, 23 Aug 2018, Adam Tauno Williams wrote:

> libreswan-3.20-5.el7_4.x86_64

> One problem - it appears when the connection renegotiates the remote
> site experiences packet loss of tunneled traffic.

Please use 3.25 which has improved PFS handling while rekeying.

> 15:02:46 pluto[29909]: "IPSEC-1" #22021: STATE_MAIN_R3: sent MR3,
> ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha
> group=MODP1536}
> 15:02:46 pluto[29909]: "IPSEC-1" #22021: the peer proposed:
> L.M.O.P/32:47/0 -> A.B.C.D/32:47/0
> 15:02:46 pluto[29909]: "IPSEC-1" #22022: we require PFS but Quick I1 SA
> specifies no GROUP_DESCRIPTION

The other end seems to have pfs=no and you have pfs=yes?

Paul
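
A log check for the mismatch pointed out above, as an added example that is not part of the original thread: it scans pluto log lines for the PFS rejection and attaches the ISAKMP group and the peer's last proposal seen on the same connection. The sample input is the excerpt quoted in the thread, joined onto single lines; the function and field names are hypothetical.

```python
import re

# Constructed sample: the pluto lines quoted in the thread, each joined onto one line.
SAMPLE_LOG = """\
15:02:46 pluto[29909]: "IPSEC-1" #22021: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP1536}
15:02:46 pluto[29909]: "IPSEC-1" #22021: the peer proposed: L.M.O.P/32:47/0 -> A.B.C.D/32:47/0
15:02:46 pluto[29909]: "IPSEC-1" #22022: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
"""

# <timestamp/host prefix> pluto[pid]: "conn" #serial: message
LINE_RE = re.compile(
    r'(?P<stamp>.*?)\s*pluto\[\d+\]: "(?P<conn>[^"]+)"[^#]*#(?P<sa>\d+): (?P<msg>.*)'
)
IKE_GROUP_RE = re.compile(r"ISAKMP SA established \{.*\bgroup=(\w+)")
PROPOSAL_RE = re.compile(r"the peer proposed: (\S+) -> (\S+)")
PFS_REJECT = "we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION"


def find_pfs_mismatches(log_text):
    """Return one finding per Quick Mode proposal rejected for lacking PFS."""
    ike_group = {}   # connection -> DH group of the last ISAKMP SA
    proposal = {}    # connection -> traffic selectors last proposed, as logged
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-connection pluto line
        conn, msg = m["conn"], m["msg"]
        if g := IKE_GROUP_RE.search(msg):
            ike_group[conn] = g.group(1)
        elif p := PROPOSAL_RE.search(msg):
            proposal[conn] = p.groups()
        elif PFS_REJECT in msg:
            findings.append({
                "time": m["stamp"],
                "conn": conn,
                "sa": int(m["sa"]),
                "ike_group": ike_group.get(conn),
                "proposal": proposal.get(conn),
            })
    return findings


if __name__ == "__main__":
    for f in find_pfs_mismatches(SAMPLE_LOG):
        print(f'{f["time"]} "{f["conn"]}" #{f["sa"]}: peer sent no PFS group; '
              f'IKE group {f["ike_group"]}, proposal {f["proposal"]}')
```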

