On 29 Jan 2026, at 15:09, Ilya Maximets wrote:
> 'keyingtries' config is not supposed to work for ikev2. But it does
> in Libreswan 4 and older. Libreswan 5, however, reworked connection
> revival code, and so it is now the only thing that keeps on trying the
> connection marked as 'UP', not the 'keyingtries'. v5.3+ complains
> about usage of the obsolete config option on stderr:
>
> 2026-01-12T12:26:09Z | 294 | ovs-monitor-ipsec | WARN | stderr:
> b'ipsec addconn: /etc/ipsec.conf:7:
> warning: obsolete keyword ignored: keyingtries=%forever\n'
>
> Avoid setting this option for Libreswan 5+ to silence the warnings
> in the log.
>
> For v4 and older 'keyingtries' still provides the re-try behavior, so
> keeping it, as it may be dangerous to just rely on revival on these
> older versions.
>
> Signed-off-by: Ilya Maximets <[email protected]>
Change looks good to me.
Acked-by: Eelco Chaudron <[email protected]>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
