[Swan] Possibly dropped/missed SA init response messages
Tielong Su
tielongs at gmail.com
Sat Oct 8 03:48:32 EEST 2022
Thanks Paul, will double check and circle back.
On Sat, Oct 8, 2022 at 00:06 Paul Wouters <paul at nohats.ca> wrote:
> On Fri, 7 Oct 2022, Tielong Su wrote:
>
> > Hello libreswan community,
> > I am experiencing some SA retransmission issues for my IKEv2 connection.
> The connection had been stable and worked pretty well until recently.
> >
> > From the pluto logs it seems the IPSec tunnel was successfully
> established but at the same time the pluto daemon is re-transmitting the SA
> response to the
> > client / initiator due to receiving a duplicate SA init request. Below
> is the log paste for the connection:
>
> > Full Gist -
> https://gist.githubusercontent.com/tielong/5a5bffda4c224a853d98722260b0dc9f/raw/26215cde4911d049a7c74d3b41accce02758543c/gistfile1.txt
>
> That looks like a bug on oue end but:
>
> > Libreswan version: 4.3
> > Linux Distro: Debian 11
> > Cloud Premise/Fabric: AWS EC2 (t4g.nano on arm64, us-west-2)
>
> Please try 4.7 or 4.8 to see if the issue goes away? The liveness code
> has seen some changes since 4.3.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221008/061eb9e4/attachment.htm>
More information about the Swan
mailing list