[Swan] establishing multiple VPN tunnels - drains resources

Andrew Cagney andrew.cagney at gmail.com
Wed Oct 4 16:34:01 EEST 2023


On Wed, 4 Oct 2023 at 06:11, Pavol Hustý <pavol.husty at gmail.com> wrote:
>
> Hello,
>
> We found the following state in the existing connection.
>
> After the connection is established, IPsec establishes multiple VPN tunnels. Some of them are not used to send data and are just in a dormant state.
> Suspicion: rekey times are different; this leads to unused tunnels being left hanging, which drains resources.
>
> Is it a known bug or is it a misconfiguration? Is there a solution?

I'd see if the problem persists with either 4.12 or mainline.

If it does, two things, I think, are interesting:
- it looks like the peer is creating a new child sa every 10s
- why this failed <<received delete request for PROTO_v2_ESP
SA(0xc8127f1c) but corresponding state not found>>, look for c8127f1c
in the logs