Looking at ikev2-allow-narrow-08-2conns it seems our narrowing code is not properly instantiating connections. It shows up on east as two connections, both connname[1] It re-used the same reqid, so we do not have two full sets of in/out/fwd xfrm policies. Traffic is mixed up between the two Child SA's that use different protoports. My guess is the core problem is the connection not fully instantiating, which should also cause a new reqid to be generated for it. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
