New commits:
commit f4ac14b2e802a5504a22b4f3e5ea2ec837a6d930
Author: Paul Wouters <[email protected]>
Date: Tue Aug 18 10:13:39 2015 -0400

updated changes

commit ecb9c88910df1fb070488835bf3180096f3ccba3
Author: CHEN, JIANFU (RC-CA) <[email protected]>
Date: Tue Aug 18 10:08:55 2015 -0400

IKEv1: Remove all IPsec SA's of a connection when newest SA is removed.

This behaviour is similar to "ipsec auto --down connection-name"

This resolves an interop issue with Cisco where after a brief outage,
sometimes the connection results in two IPsec SA's being established. In
this case, after some time, the Cisco router sends an ISAKMP Delete/Notify
message to delete one of the IPsec SAs. If the removed IPsec SA is the
first SA, it will be fine. But if the removed IPsec SA is the newest SA,
the IPsec tunnel state is set to "perspective eroute". And now traffic
between the Cisco and libreswan on the ipsec tunnel is blocked.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit