We have some problem in our initiation code, both ikev1 and ikev2. If we have traffic which matches our ipsec policy when we are negotiating a tunnel it causes us to negotiate several tunnels.
I didn't check further but I'm quite sure we before had a check in code that if there was already matching tunnel negotiation we didn't start new one when acquired - now we get new tunnel negotiation. So restarting pluto on ipsec-gw causes road warrior to negotiate like 6 IPsec SAs because of acquires instead of one required. -- Tuomo Soini <[email protected]> Foobar Linux services +358 40 5240030 Foobar Oy <http://foobar.fi/> _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
