[Swan] Frequent dropped connections and martian source

Paul Wouters paul at nohats.ca
Wed May 22 03:16:53 UTC 2019

On Tue, 21 May 2019, Andrew Cagney wrote:

> libreswan 3.28 will likely land in Fedora 29 over coming days.  While
> I suspect it doesn't address:

I have pushed updates into testing, so this should work already:

yum update --enablerepo=updates-testing libreswan

> (the log message can still be found in the sources) a number of
> significant changes to how IKEv2 Message IDs are handled were made and
> they may affect this.
> If the message ID deadlock message still occurs, can you look back
> through the logs for anything pertaining to the IKE SA (aka parent or
> #2019 in the above) especially anything that suggests a packet is
> being sent.

Yes the deadlock would still occur, but the IPsec SA failing will
trigger the 3.28 revive conn code now and should re-establish.

The original problem should still be investigated. Why does the remote
stop responding to our requests (likely our DPD/liveness probes)


More information about the Swan mailing list