[Swan] Frequent dropped connections and martian source
paul at nohats.ca
Wed May 22 03:16:53 UTC 2019
On Tue, 21 May 2019, Andrew Cagney wrote:
> libreswan 3.28 will likely land in Fedora 29 over coming days. While
> I suspect it doesn't address:
I have pushed updates into testing, so this should work already:
yum update --enablerepo=updates-testing libreswan
> (the log message can still be found in the sources) a number of
> significant changes to how IKEv2 Message IDs are handled were made and
> they may affect this.
> If the message ID deadlock message still occurs, can you look back
> through the logs for anything pertaining to the IKE SA (aka parent or
> #2019 in the above) especially anything that suggests a packet is
> being sent.
Yes the deadlock would still occur, but the IPsec SA failing will
trigger the 3.28 revive conn code now and should re-establish.
The original problem should still be investigated. Why does the remote
stop responding to our requests (likely our DPD/liveness probes)
More information about the Swan