New commits:
commit dc436423e64e7b66c578d1e2ed77c8164144bfc2
Author: Paul Wouters <[email protected]>
Date:   Fri Feb 19 19:00:49 2016 -0500

    pluto: the pending code for phase2 misfired for IKEv2 connections
    
    There is an EVENT_PENDING_PHASE2 that is scheduled every 2 minutes.
    It checks if there are pending IPsec SA negotiations that are waiting
    for an IKE negotiation to complete. If this takes longer than 120s,
    it shoots the IKE negotiation and starts a new one.
    
    When it was looking for pending IKE negotiations, it used the macro
    PHASE1_INITIATOR_STATES which did not include STATE_PARENT_I1 or
    STATE_PARENT_I2. So it would never find the currently failing IKEv2
    state, and call ipsec_doi to start a new one, duplicating the connections.
    
    This meant we were duplicating failed IKEv2 negotiations every 120
    seconds.

_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
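
The failure mode described in the commit message, as an added example that is not libreswan code: a simplified model of a periodic check whose state mask omits the IKEv2 initiator states, so the stuck negotiation is never found and a new one is started on every firing. STATE_PARENT_I1 and STATE_PARENT_I2 come from the commit message; STATE_V1_INITIATOR, the mask names and all functions are hypothetical.

```c
#include <stdio.h>

/* Simplified model of the pending-phase2 check (added example, not pluto code).
 * STATE_PARENT_I1/I2 are named in the commit message; STATE_V1_INITIATOR,
 * the mask names and every function here are hypothetical. */
enum kind { STATE_V1_INITIATOR, STATE_PARENT_I1, STATE_PARENT_I2 };
#define BIT(k) (1u << (k))
#define MASK_BEFORE (BIT(STATE_V1_INITIATOR))  /* IKEv2 states missing */
#define MASK_AFTER  (MASK_BEFORE | BIT(STATE_PARENT_I1) | BIT(STATE_PARENT_I2))

#define MAX_STATES 32
struct table { enum kind kind[MAX_STATES]; int alive[MAX_STATES]; int n; };

static void start_negotiation(struct table *t, enum kind k)
{
    if (t->n < MAX_STATES) {
        t->kind[t->n] = k;
        t->alive[t->n] = 1;
        t->n++;
    }
}

/* One firing of the periodic timer while the IPsec SA is still pending:
 * delete every stuck negotiation the mask recognises, then start a new one. */
static void pending_tick(struct table *t, unsigned mask, enum kind k)
{
    for (int i = 0; i < t->n; i++)
        if (t->alive[i] && (mask & BIT(t->kind[i])))
            t->alive[i] = 0;
    start_negotiation(t, k);
}

/* Number of live negotiations after `ticks` firings, starting from one. */
int live_after_ticks(unsigned mask, enum kind k, int ticks)
{
    struct table t = { .n = 0 };
    int live = 0;
    start_negotiation(&t, k);
    for (int i = 0; i < ticks; i++)
        pending_tick(&t, mask, k);
    for (int i = 0; i < t.n; i++)
        live += t.alive[i];
    return live;
}

int main(void)
{
    printf("old mask: %d live\n", live_after_ticks(MASK_BEFORE, STATE_PARENT_I1, 5));
    printf("new mask: %d live\n", live_after_ticks(MASK_AFTER, STATE_PARENT_I1, 5));
    return 0;
}
```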
