<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap:break-word"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Sure, what log files do you think are relevant?</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">There doesn't seem to be anything in the `/var/log/auth.log` around the time the routes disappear, and there is nothing in the `/var/log/messages.log` file either.</div> <div><br></div>Or should I change pluto's log level to `all`?<div> <div id="bloop_sign_1497963652735643904" class="bloop_sign"></div> <br><p class="airmail_on">On 20 June 2017 at 16:00:02, Paul Wouters (<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div dir="auto"><div></div><div>





<div>Can you arrange for some logfiles I can have a look at?</div>
<div id="AppleMailSignature"><br></div>
<div id="AppleMailSignature">Can you also try a 3.20rcX release
candidate?<br>
</div>
<div><br>
On Jun 20, 2017, at 08:27, Bob Cribbs &lt;<a href="mailto:bob.cribbs@policystat.com">bob.cribbs@policystat.com</a>&gt;
wrote:<br>
<br></div>
<blockquote type="cite">
<div>

<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
Hi,</div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
<br></div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
I'm experiencing a new problem with my upgrade process
(3.12->3.20), this time it's the routes.</div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
<br></div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
I have ~70 tunnels set up on my server.</div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
After ipsec is (re)started, all the routes come up.</div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
But then 1-2 minutes later, there are only a subset of those that
are still up, ~10 of them. It's always the same 10 that are
persisting.</div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
All the tunnels are still showing up as connected, including those
that are now missing the routes.</div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
<br></div>
Sending data through the tunnel only works for those that have
routes; for the other ones it is timing out.
<div><br></div>
<div>I tried downgrading from 3.20 -> 3.19 same problem.</div>
<div>I tried downgrading further 3.19 -> 3.18. Routes seem to be
persisting on 3.18.</div>
<div><br></div>
<div>I suspect there is a problem with encapsulation and NAT and
keepalive.</div>
<div>On 3.12 and 3.18, I used `forceencaps=yes`</div>
<div>On 3.20 I tried <span style="white-space:pre-wrap">`encapsulation=yes`</span> and <span style="white-space:pre-wrap">`encapsulation=auto`</span>; routes are disconnecting
with either of them.</div>
<div>
<div style="orphans: 2; widows: 2;"><span style="white-space:pre-wrap"><br></span></div>
<div style="orphans: 2; widows: 2;"><span style="white-space:pre-wrap">```</span></div>
<div style="orphans: 2; widows: 2;">
<div style="font-family:'helvetica Neue',helvetica;font-size:14px">
<div>conn customer</div>
<div>        authby=secret</div>
<div>        dpddelay=40</div>
<div>        dpdtimeout=120</div>
<div>        dpdaction=restart</div>
<div>        auto=start</div>
<div>        encapsulation=yes</div>
<div>        pfs=yes</div>
<div>        ike=aes256-sha1</div>
<div>        phase2alg=aes256-sha1</div>
<div>        left=%defaultroute</div>
<div>        leftid=184.X.X.X</div>
<div>        leftsourceip=184.X.X.X</div>
<div>        leftsubnet=184.X.X.X/32</div>
<div>        right=72.Y.Y.Y</div>
<div>        rightid=72.Y.Y.Y</div>
<div>        rightsubnet=10.B.B.B/32</div>
</div>
</div>
<div style="orphans: 2; widows: 2;"><span style="white-space:pre-wrap">```</span></div>
<div style="orphans: 2; widows: 2;"><span style="white-space:pre-wrap"><br></span></div>
<div style="orphans: 2; widows: 2;"><span style="white-space:pre-wrap">Once the route disappears, it doesn't come back even if I try:</span></div>
<div style="orphans: 2; widows: 2;"><span style="white-space:pre-wrap">```</span></div>
<div style="orphans: 2; widows: 2;"><span style="white-space:pre-wrap">$ sudo ipsec auto --down customer</span></div>
<div style="orphans: 2; widows: 2;"><span style="white-space:pre-wrap">$ sudo ipsec auto --up customer</span></div>
<div style="orphans: 2; widows: 2;"><span style="white-space:pre-wrap">```</span></div>
<div id="bloop_sign_1497960635259272192" class="bloop_sign">
<br></div>
</div>
<div id="bloop_sign_1497960635259272192" class="bloop_sign">Am I
missing some config to keep the route up on the 3.20 version?</div>
<div id="bloop_sign_1497960635259272192" class="bloop_sign">
<br></div>
<div id="bloop_sign_1497960635259272192" class="bloop_sign">Thank
you.</div>
</div>
</blockquote>
<blockquote type="cite">
<div>
<span>_______________________________________________</span><br>
<span>Swan mailing list</span><br>
<span><a href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a></span><br>

<span><a href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a></span><br>
</div>
</blockquote>


</div></div></span></blockquote></div></body></html>