Hello Developers,

I've been doing some tests with two hosts (running version 5.3.0) trying to initiate IKEv2 sessions (with each other), both starting via "ipsec up" at approximately the same time.

What I'm seeing--every once in a while; seems to depend on timing--is that one side will end up with two complete sets of SAs ("2 up, 0 connecting") while the other side settles with only one set. The ESP SPIs indicate the single set corresponding to the higher []-numbered ones at the side with two.

ESP traffic does flow in this condition, but I'm concerned it's by luck, requiring the side with the extra set of SAs to use the correct one when transmitting. Also, if the valid pair gets torn, the side left with the extra, un-matched SA goes incommunicado.

Is this a known issue, or something I should enter as one?

/jwc

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev