[Swan] dpd question

Paul Wouters paul at nohats.ca
Fri Feb 1 20:44:48 UTC 2019


On Fri, 1 Feb 2019, Kostya Vasilyev wrote:

> Now I've set ikev2=insist and see this in the logs:
>
> pluto[8407]: "mytunnel" #7: STATE_V2_IPSEC_R: IPsec SA established transport mode {ESP=>0x0530016d <0x1813ca67 xfrm=AES_CBC_128-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=active}
> pluto[8407]: "mytunnel" #5: suppressing retransmit because superseded by #7 try=1. Drop this negotitation
> pluto[8407]: "mytunnel" #5: deleting state (STATE_PARENT_I1) and NOT sending notification

It is still weird you have two instances competing for the same. Are you
sure #5 didn't start yet a new keying attempt?

Paul


More information about the Swan mailing list