[Swan] Libreswan 4.7.1 possible race condition?
Jeremy Hayward
jem at briksdal.co.uk
Fri Sep 9 20:42:52 EEST 2022
Hi,
Sadly Jem passed away in December 2020, could you delete him from your
mailing list please.
Catherine Hayward
Jem Hayward
www.briksdal.co.uk
On Mon, 8 Aug 2022 at 16:46, Vitaly Voronov <wizard1024 at gmail.com> wrote:
> Hello All,
>
> I've got an interesting situation.
> Both nodes connected to Cisco. Cisco isn't under my control.
> Node1 has libreswan-4.4-1.el7_9.x86_64 version of Libreswan package,
> Node2 has libreswan-4.7-1.el7.x86_64 version.
> Both nodes uses CentOS 7.
> We'd some network disconnects.
> Node1 reestablished connection, Node2 - not.
> Only manual start-stop connection on Node2 fixed situation.
> I think, this is race condition.
> Can you help in the investigation of this issue?
>
> Config from Node1:
> conn connXXX
> type=tunnel
> auto=start
> authby=secret
> compress=no
> rekey=yes
> left=xxx.xxx.xxx.xxx
> leftsubnet=10.248.163.128/25
> leftsourceip=10.248.163.200
> leftnexthop= %defaultroute
> right=yyy.yyy.yyy.yyy
> rightsubnet=10.248.126.0/23
> rightnexthop= %defaultroute
> keyexchange=ike
> pfs=yes
> ikelifetime=28800s
> salifetime=3600s
> ikev2=permit
> ike=aes128-sha2_256;modp2048
> phase2alg=aes128-sha1
> dpddelay=3
> dpdtimeout=60
> aggrmode=no
>
> Logs:
> Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213889: received Delete
> SA payload: replace IPsec State #213965 now
> Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213965: deleting state
> (STATE_QUICK_I2) aged 2385.898189s and sending notification
> Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213965: ESP traffic
> information: in=1MB out=1MB
> Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213978: initiating
> Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO to
> replace #213965 {using isakmp#213889 msgid:58cbc58c
> proposal=AES_CBC_128-HMAC_SHA1_96 pfsgroup=MODP2048}
> Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213978: sent Quick Mode
> request, to replace #213965
> Aug 2 02:52:24 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
> retransmission; will wait 0.5 seconds for response
> Aug 2 02:52:24 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
> retransmission; will wait 1 seconds for response
> Aug 2 02:52:25 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
> retransmission; will wait 2 seconds for response
> Aug 2 02:52:27 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
> retransmission; will wait 4 seconds for response
> Aug 2 02:52:31 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
> retransmission; will wait 8 seconds for response
> Aug 2 02:52:31 node3 pluto[21413]: "connXXX" #213979: initiating
> Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO
> {using isakmp#213889 msgid:77fd537e proposal=AES_CBC_128-HMAC_SHA1_96
> pfsgroup=MODP2048}
> Aug 2 02:52:31 node3 pluto[21413]: "connXXX" #213979: sent Quick Mode
> request
> Aug 2 02:52:31 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
> retransmission; will wait 0.5 seconds for response
> Aug 2 02:52:31 node3 pluto[21413]: "connXXX": assign_holdpass()
> delete_bare_shunt() failed
> Aug 2 02:52:32 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
> retransmission; will wait 1 seconds for response
> Aug 2 02:52:33 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
> retransmission; will wait 2 seconds for response
> Aug 2 02:52:35 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
> retransmission; will wait 4 seconds for response
> Aug 2 02:52:39 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
> retransmission; will wait 16 seconds for response
> Aug 2 02:52:39 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
> retransmission; will wait 8 seconds for response
> Aug 2 02:52:47 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
> retransmission; will wait 16 seconds for response
> Aug 2 02:52:48 node3 pluto[21413]: "connXXX" #213979: ignoring
> informational payload IPSEC_RESPONDER_LIFETIME, msgid=77fd537e,
> length=28
> Aug 2 02:52:48 node3 pluto[21413]: "connXXX" #213979: IPsec SA
> established tunnel mode {ESP=>0x080c1ae3 <0x358a95bc
> xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active}
> Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213889: the peer
> proposed: 10.248.163.128/25 -<all>-> 10.248.126.0/23
> Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: IPsec SA
> established tunnel mode {ESP=>0xb8de7067 <0x9856277b
> xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active}
> Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: responding to
> Quick Mode proposal {msgid:caf60bb7}
> Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: sent Quick Mode
> reply, inbound IPsec SA installed, expecting confirmation tunnel mode
> {ESP=>0xb8de7067 <0x9856277b xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none
> NATD=none DPD=active}
> Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: STATE_QUICK_R1:
> retransmission; will wait 0.5 seconds for response
> Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: us:
> 10.248.163.128/25===xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx> them:
> yyy.yyy.yyy.yyy<yyy.yyy.yyy.yyy>===10.248.126.0/23
> Aug 2 02:52:55 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
> retransmission; will wait 32 seconds for response
> Aug 2 02:52:59 node3 pluto[21413]: "connXXX" #213978: ERROR: netlink
> response for Add SA esp.cfa8ac22 at 153.126.241.6 included errno 3: No
> such process
> Aug 2 02:52:59 node3 pluto[21413]: "connXXX" #213978: ignoring
> informational payload IPSEC_RESPONDER_LIFETIME, msgid=58cbc58c,
> length=28
> Aug 2 02:52:59 node3 pluto[21413]: "connXXX" #213978:
> setup_half_ipsec_sa() hit fail:
> Aug 2 02:52:59 node3 pluto[21413]: "connXXX" #213978: state
> transition function for STATE_QUICK_I1 had internal error
> Aug 2 02:53:59 node3 pluto[21413]: "connXXX" #213978: deleting state
> (STATE_QUICK_I1) aged 96.028758s and NOT sending notification
> Aug 2 02:53:59 node3 pluto[21413]: "connXXX" #213978: ERROR: netlink
> response for Del SA esp.cfa8ac22 at xxx.xxx.xxx.xxx included errno 3: No
> such process
>
> Node2:
> Config:
> conn connXXX
> type=tunnel
> auto=start
> authby=secret
> compress=no
> rekey=yes
> left=xxx.xxx.xxx.xxx
> leftsubnet=10.248.163.0/25
> leftsourceip=10.248.163.100
> leftnexthop= %defaultroute
> right=yyy.yyy.yyy.yyy
> rightsubnet=10.248.126.0/23
> rightnexthop= %defaultroute
> keyexchange=ike
> pfs=yes
> ikelifetime=28800s
> salifetime=3600s
> ikev2=permit
> ike=aes128-sha2_256;modp2048
> phase2alg=aes128-sha1
> dpddelay=3
> dpdtimeout=60
>
> Logs:
> Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2238: received Delete
> SA payload: replace IPsec State #2245 now
> Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2245: deleting state
> (STATE_QUICK_I2) aged 1969.446163s and sending notification
> Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2245: ESP traffic
> information: in=931KB out=991KB
> Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2250: initiating Quick
> Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES to
> replace #2245 {using isakmp#2238 msgid:ddc494b8
> proposal=AES_CBC_128-HMAC_SHA1_96 pfsgroup=MODP2048}
> Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2250: sent Quick Mode
> request, to replace #2245
> Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
> retransmission; will wait 0.5 seconds for response
> Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
> retransmission; will wait 1 seconds for response
> Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2251: initiating Quick
> Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
> {using isakmp#2238 msgid:7082f587 proposal=AES_CBC_128-HMAC_SHA1_96
> pfsgroup=MODP2048}
> Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2251: sent Quick Mode
> request
> Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
> retransmission; will wait 0.5 seconds for response
> Aug 2 02:52:24 node2 pluto[13376]: "connXXX": assign_holdpass()
> delete_bare_shunt() failed
> Aug 2 02:52:25 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
> retransmission; will wait 2 seconds for response
> Aug 2 02:52:25 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
> retransmission; will wait 1 seconds for response
> Aug 2 02:52:26 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
> retransmission; will wait 2 seconds for response
> Aug 2 02:52:27 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
> retransmission; will wait 4 seconds for response
> Aug 2 02:52:28 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
> retransmission; will wait 4 seconds for response
> Aug 2 02:52:31 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
> retransmission; will wait 8 seconds for response
> Aug 2 02:52:32 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
> retransmission; will wait 8 seconds for response
> Aug 2 02:52:39 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
> retransmission; will wait 16 seconds for response
> Aug 2 02:52:40 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
> retransmission; will wait 16 seconds for response
> Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
> retransmission; will wait 32 seconds for response
> Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2252: ignoring
> informational payload IPSEC_RESPONDER_LIFETIME, msgid=9d6add9c,
> length=28
> Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2252: initiating Quick
> Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
> {using isakmp#2238 msgid:9d6add9c proposal=AES_CBC_128-HMAC_SHA1_96
> pfsgroup=MODP2048}
> Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2252: IPsec SA
> established tunnel mode {ESP=>0x621158ed <0x7a5995ad
> xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=active}
> Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2252: sent Quick Mode
> request
> Aug 2 02:52:55 node2 pluto[13376]: "connXXX": assign_holdpass()
> delete_bare_shunt() failed
> Aug 2 02:52:56 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
> retransmission; will wait 32 seconds for response
> Aug 2 02:52:57 node2 pluto[13376]: "connXXX" #2250: ERROR: netlink
> response for Add SA esp.fafc210b at xxx.xxx.xxx.xxx included errno 3: No
> such process
> Aug 2 02:52:57 node2 pluto[13376]: "connXXX" #2250: ignoring
> informational payload IPSEC_RESPONDER_LIFETIME, msgid=ddc494b8,
> length=28
> Aug 2 02:52:57 node2 pluto[13376]: "connXXX" #2250:
> setup_half_ipsec_sa() hit fail:
> Aug 2 02:52:57 node2 pluto[13376]: "connXXX" #2250: state transition
> function for STATE_QUICK_I1 had internal error
> Aug 2 02:52:58 node2 pluto[13376]: "connXXX" #2238: the peer
> proposed: 10.248.163.0/25 -<all>-> 10.248.126.0/23
> Aug 2 02:52:58 node2 pluto[13376]: "connXXX" #2253: responding to
> Quick Mode proposal {msgid:02e95d7c}
> Aug 2 02:52:58 node2 pluto[13376]: "connXXX" #2253: sent Quick Mode
> reply, inbound IPsec SA installed, expecting confirmation tunnel mode
> {ESP=>0xc300fd35 <0x833a0e96 xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=active}
> Aug 2 02:52:58 node2 pluto[13376]: "connXXX" #2253: us:
> 10.248.163.0/25===xxx.xxx.xxx.xxx them:
> yyy.yyy.yyy.yyy===10.248.126.0/23
> Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2251: ERROR: netlink
> response for Add SA esp.89730d94 at xxx.xxx.xxx.xxx included errno 3: No
> such process
> Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2251: ignoring
> informational payload IPSEC_RESPONDER_LIFETIME, msgid=7082f587,
> length=28
> Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2251:
> setup_half_ipsec_sa() hit fail:
> Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2251: state transition
> function for STATE_QUICK_I1 had internal error
> Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2253: STATE_QUICK_R1:
> retransmission; will wait 0.5 seconds for response
> Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2253: STATE_QUICK_R1:
> retransmission; will wait 1 seconds for response
> Aug 2 02:53:00 node2 pluto[13376]: "connXXX" #2253: IPsec SA
> established tunnel mode {ESP=>0xc300fd35 <0x833a0e96
> xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=active}
> Aug 2 02:53:57 node2 pluto[13376]: "connXXX" #2250: deleting state
> (STATE_QUICK_I1) aged 93.653775s and NOT sending notification
> Aug 2 02:53:59 node2 pluto[13376]: "connXXX" #2251: deleting state
> (STATE_QUICK_I1) aged 95.550253s and NOT sending notification
> Aug 2 02:54:00 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:06 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:11 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:16 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:21 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:26 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:31 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:36 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:42 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:47 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:52 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:54:57 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:03 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:08 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:13 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:18 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:23 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:28 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:33 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:38 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:44 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:49 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:54 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:55:59 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:04 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:09 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:14 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:19 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:24 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:29 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:34 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:39 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:44 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:49 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:54 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:56:59 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:04 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:09 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:14 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:20 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:25 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:30 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:35 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:40 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:45 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:50 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:57:55 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:00 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:05 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:10 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:16 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:21 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:26 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:31 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:36 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:41 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:46 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:51 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:58:56 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:02 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:07 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:12 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:17 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:22 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:27 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:32 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:37 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:42 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:47 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:52 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 02:59:57 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:02 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:07 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:13 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:18 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:23 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:28 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:33 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:38 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:43 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:48 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:53 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:00:58 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:03 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:08 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:13 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:18 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:23 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:28 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:34 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:39 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:44 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:49 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:54 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:01:59 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:04 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:10 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:15 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:20 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:25 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:30 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:35 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:40 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:45 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:50 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:02:55 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:03:00 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
> SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
> Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2238: deleting state
> (STATE_MAIN_I4) aged 5954.557739s and sending notification
> Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2252: deleting state
> (STATE_QUICK_I2) aged 607.797639s and sending notification
> Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2252: ESP traffic
> information: in=1KB out=979B
> Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2253: deleting state
> (STATE_QUICK_R2) aged 604.307876s and sending notification
> Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2253: ESP traffic
> information: in=32KB out=60B
> Aug 2 03:03:02 node2 pluto[13376]: "connXXX": terminating SAs using
> this connection
> Aug 2 03:03:10 node2 pluto[13376]: "connXXX": added IKEv1 connection
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: ignoring unknown
> Vendor ID payload [0f 54 ea b6 bb 44 18 1a 22 33 00 f7 10 ca 2f 48]
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: IKE SA
> established {auth=PRESHARED_KEY cipher=AES_CBC_128 integ=HMAC_SHA2_256
> group=MODP2048}
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: initiating IKEv1
> Main Mode connection
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: Peer ID is
> ID_IPV4_ADDR: 'yyy.yyy.yyy.yyy'
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: sent Main Mode I2
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: sent Main Mode I3
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: sent Main Mode request
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2255: ignoring
> informational payload IPSEC_RESPONDER_LIFETIME, msgid=69990cd7,
> length=28
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2255: initiating Quick
> Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
> {using isakmp#2254 msgid:69990cd7 proposal=AES_CBC_128-HMAC_SHA1_96
> pfsgroup=MODP2048}
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2255: IPsec SA
> established tunnel mode {ESP=>0x37db9a74 <0xfbe6f435
> xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=active}
> Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2255: sent Quick Mode
> request
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20220909/7f75f2b0/attachment-0001.htm>
More information about the Swan
mailing list