[Swan] Possibly dropped/missed SA init response messages

Paul Wouters paul at nohats.ca
Fri Oct 7 19:06:27 EEST 2022


On Fri, 7 Oct 2022, Tielong Su wrote:

> Hello libreswan community,
> I am experiencing some SA retransmission issues for my IKEv2 connection. The connection had been stable and worked pretty well until recently.
> 
> From the pluto logs it seems the IPSec tunnel was successfully established but at the same time the pluto daemon is re-transmitting the SA response to the
> client / initiator due to receiving a duplicate SA init request. Below is the log paste for the connection:

> Full Gist - https://gist.githubusercontent.com/tielong/5a5bffda4c224a853d98722260b0dc9f/raw/26215cde4911d049a7c74d3b41accce02758543c/gistfile1.txt

That looks like a bug on our end but:

> Libreswan version: 4.3
> Linux Distro: Debian 11
> Cloud Premise/Fabric: AWS EC2 (t4g.nano on arm64, us-west-2)

Please try 4.7 or 4.8 to see if the issue goes away? The liveness code
has seen some changes since 4.3.

