<div dir="ltr">Seems the issue persists. One interesting observation was that the connection works for a while on the new instance before the same issue finally kicks in.<div><br></div><div>The issue occurs after around 3 - 7 rekeys, each rekey is default to 480 seconds for iOS clients, which means the connection works for about 20 - 60 minutes before running into this issue. To be more precise, the internet got lost for the connection after 3 - 7 rekeys and upon manual reconnection attempts, this issue occurs.<br></div><div><br></div><div>Below are the full log paste (I've tried the connection on both mac and iphone), I've also restarted the instance / ipsec daemon and that doesn't seem to help either</div><div><br></div><div>Swan version: 4.7</div><div>Instance: aws ec2 t4g.nano / arm64 / debian 11</div><div><br></div><div><b>Full log</b></div><div><a href="https://gist.githubusercontent.com/tielong/648f67315701c90312e35ed7d11162ac/raw/254abea3e87d9853bea69e7e1ad476899d5e0e1b/gistfile1.txt">https://gist.githubusercontent.com/tielong/648f67315701c90312e35ed7d11162ac/raw/254abea3e87d9853bea69e7e1ad476899d5e0e1b/gistfile1.txt</a></div><div><br></div><div><b>Snippet</b></div><div><b style="font-size:x-small;font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0);font-family:Monaco">Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.205442: "ikev2"[7] 124.77.25.186 #42: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024</b><br></div><div><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.212818: "ikev2"[7] 124.77.25.186 #42: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.436610: "ikev2"[7] 124.77.25.186 #42: processing decrypted IKE_AUTH request: SK{IDi,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.436671: "ikev2"[7] 124.77.25.186 #42: switched to "ikev2"[8] 124.77.25.186</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.436683: "ikev2"[7] <a href="http://124.77.25.186">124.77.25.186</a>: deleting connection instance with peer 124.77.25.186 {isakmp=#0/ipsec=#0}</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.436707: "ikev2"[8] 124.77.25.186 #42: WARNING: '@sequoia_us_west' PSK length of 6 bytes is too short for PRF HMAC_SHA2_256 in FIPS mode (16 bytes required)</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.436755: "ikev2"[8] 124.77.25.186 #42: responder established IKE SA; authenticated using authby=secret and peer ID_IPV4_ADDR '192.168.3.72'</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.436785: "ikev2"[8] 124.77.25.186 #42: WARNING: '@sequoia_us_west' PSK length of 6 bytes is too short for PRF HMAC_SHA2_256 in FIPS mode (16 bytes required)</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.436871: "ikev2"[8] 124.77.25.186 #43: proposal 1:ESP=AES_CBC_256-HMAC_SHA2_256_128-DISABLED SPI=0c9eea7a chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED 5:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:20.451777: "ikev2"[8] 124.77.25.186 #43: responder established Child SA using #42; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.1.1-192.168.1.1:0-65535 0] {ESPinUDP=>0x0c9eea7a <0x85554587 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATD=<a href="http://124.77.25.186:4500">124.77.25.186:4500</a> DPD=active}</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:21.437871: "ikev2"[8] 124.77.25.186 #42: IKE_AUTH request has duplicate Message ID 1; retransmitting response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:23.443425: "ikev2"[8] 124.77.25.186 #42: IKE_AUTH request has duplicate Message ID 1; retransmitting response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:27.449169: "ikev2"[8] 124.77.25.186 #42: IKE_AUTH request has duplicate Message ID 1; retransmitting response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:35.460039: "ikev2"[8] 124.77.25.186 #42: IKE_AUTH request has duplicate Message ID 1; retransmitting response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:50.956168: "ikev2"[8] 124.77.25.186 #42: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.461096: "ikev2"[8] 124.77.25.186 #42: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.518355: "ikev2"[8] 124.77.25.186 #44: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.526114: "ikev2"[8] 124.77.25.186 #44: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.812549: "ikev2"[8] 124.77.25.186 #44: processing decrypted IKE_AUTH request: SK{IDi,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.812611: "ikev2"[8] 124.77.25.186 #44: WARNING: '@sequoia_us_west' PSK length of 6 bytes is too short for PRF HMAC_SHA2_256 in FIPS mode (16 bytes required)</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.812658: "ikev2"[8] 124.77.25.186 #44: responder established IKE SA; authenticated using authby=secret and peer ID_IPV4_ADDR '192.168.3.72'</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.812696: "ikev2"[8] 124.77.25.186 #44: WARNING: '@sequoia_us_west' PSK length of 6 bytes is too short for PRF HMAC_SHA2_256 in FIPS mode (16 bytes required)</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.812760: "ikev2"[8] 124.77.25.186 #45: proposal 1:ESP=AES_CBC_256-HMAC_SHA2_256_128-DISABLED SPI=0d721dc3 chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED 5:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.812955: "ikev2"[8] 124.77.25.186 #45: responder established Child SA using #44; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.1.1-192.168.1.1:0-65535 0] {ESPinUDP=>0x0d721dc3 <0x3449e59e xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATD=<a href="http://124.77.25.186:4500">124.77.25.186:4500</a> DPD=active}</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:51.813069: "ikev2"[8] 124.77.25.186 #43: ESP traffic information: in=0B out=5KB</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:52.464975: "ikev2"[8] 124.77.25.186 #42: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:52.821406: "ikev2"[8] 124.77.25.186 #44: IKE_AUTH request has duplicate Message ID 1; retransmitting response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:54.468208: "ikev2"[8] 124.77.25.186 #42: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:54.823805: "ikev2"[8] 124.77.25.186 #44: IKE_AUTH request has duplicate Message ID 1; retransmitting response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:58.472738: "ikev2"[8] 124.77.25.186 #42: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:31:58.831139: "ikev2"[8] 124.77.25.186 #44: IKE_AUTH request has duplicate Message ID 1; retransmitting response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space"> </span>8 04:32:06.483938: "ikev2"[8] 124.77.25.186 #42: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response</b></font></span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Monaco;margin:0px;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><font size="1"><b>Oct<span class="gmail-Apple-converted-space" style=""> </span>8 04:32:06.844260: "ikev2"[8] 124.77.25.186 #44: IKE_AUTH request has duplicate Message ID 1; retransmitting response</b></font></span></p></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Oct 8, 2022 at 8:48 AM Tielong Su <<a href="mailto:tielongs@gmail.com">tielongs@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Thanks Paul, will double check and circle back.</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Oct 8, 2022 at 00:06 Paul Wouters <<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Fri, 7 Oct 2022, Tielong Su wrote:<br>
<br>
> Hello libreswan community,<br>
> I am experiencing some SA retransmission issues for my IKEv2 connection. The connection had been stable and worked pretty well until recently.<br>
> <br>
> From the pluto logs it seems the IPSec tunnel was successfully established but at the same time the pluto daemon is re-transmitting the SA response to the<br>
> client / initiator due to receiving a duplicate SA init request. Below is the log paste for the connection:<br>
<br>
> Full Gist - <a href="https://gist.githubusercontent.com/tielong/5a5bffda4c224a853d98722260b0dc9f/raw/26215cde4911d049a7c74d3b41accce02758543c/gistfile1.txt" rel="noreferrer" target="_blank">https://gist.githubusercontent.com/tielong/5a5bffda4c224a853d98722260b0dc9f/raw/26215cde4911d049a7c74d3b41accce02758543c/gistfile1.txt</a><br>
<br>
That looks like a bug on oue end but:<br>
<br>
> Libreswan version: 4.3<br>
> Linux Distro: Debian 11<br>
> Cloud Premise/Fabric: AWS EC2 (t4g.nano on arm64, us-west-2)<br>
<br>
Please try 4.7 or 4.8 to see if the issue goes away? The liveness code<br>
has seen some changes since 4.3.<br>
</blockquote></div></div>
</blockquote></div>