<html><head></head><body><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div>Hello.</div><div><br></div><div>I have some tunnels set up with different partners. Only one of them gives me this strange behaviour.</div><div>The tunnel is between my Libreswan 3.15 (netkey) on 2.6.32-696.16.1.el6.x86_64 (CentOS 6.9) and a Cisco ASA 5520.</div><div>Configuration:</div><div><br></div><div>config setup<br>        protostack=netkey<br>        logfile=/var/log/pluto.log<br>        interfaces="ipsec0=eth0 ipsec1=eth1 ipsec2=eth1:0"<br>        dumpdir=/var/run/pluto/<br>        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,%v4:!10.x.y.z/24,%v4:!10.x.s.d/24<br>include /etc/ipsec.d/*.conf<br><br># --------------------------------------------------------------------------------------------<br>conn dixx<br>        type=tunnel<br>        authby=secret<br>        dpddelay=30<br>        dpdtimeout=90<br>        dpdaction=clear<br>        rekey=yes<br>        keyingtries=%forever<br><br>        right=IP_public_2<br>        rightid=IP_public_2<br>        rightnexthop=%defaultroute<br>        left=IP_public_1<br>        leftid=IP_public_1<br>        leftnexthop=IP_public_3 (ISP GW)<br><br>        keyexchange=ike<br>        ike=3des-md5;modp1024<br>        ikelifetime=86400s<br>        salifetime=86400s<br>        phase2=esp<br>        phase2alg=3des-md5<br>        pfs=no<br># --------------------------------------------------------------------------------------------<br>conn di1<br>        also=dixx<br>        rightsubnet=192.w.r.t/16<br>        leftsubnet=10.x.y.z/24<br>        auto=start<br># ------------------------------------        diverse     --------------------------------------<br>conn diverse<br>        also=ditech<br>        rightsubnets={subnet2/24 subnet3/24 subnet4/24 subnet5/24 subnet6/24}<br>        leftsubnet=10.x.y.z/24<br>        
auto=start<br><br><br>I attach the last pluto.log from the moment of renegotiation, but only for the first conn 'di1' [the logs are the same for the other conns defined, but that is too much information...].</div><div><br></div><div>With this configuration, the connection 'di1' [and others] was up for 48h, but in the past everything went wrong after 24h. In that case I must run service ipsec restart and everything is good again.</div><div><br></div><div>Can you give me some advice about what happened?</div><div><br></div><div>If you need more information please tell me.</div><div><br></div><div>Thanks a lot!<br></div><div> <span id="ydpb954b91eresult_box" class="ydpb954b91eshort_text" lang="en"><span></span></span><br></div></div></body></html>