See https://dpaste.de/EyUR from IRC
- libreswan sends a rekey request and gets back no proposal chosen I suspect this is because libreswan's proposal strictly requires DH and the other end strictly refuse it (further down in the log is the remote proposing to CREATE_CHILD_SA with no DH) But what's more interesting is the other things that go on: dropping unexpected CREATE_CHILD_SA message containing NO_PROPOSAL_CHOSEN notification; message payloads: SK; encrypted payloads: N; missing payloads: SA,Ni,TSi,TSr -> we're missing a state transition to detect this and initiate a delete message id deadlock? wait sending, add to send next list using parent #1628 unacknowledged 1 next message id=1 ike exchange window 1 -> there's an outstanding re-transmit in front of the delete request; the code should just kill the SA family - given the re-transmit went no where what makes us think a delete will do better after that there seems to be a strange fight between the two ends trying to establish but not working - I suspect the remote isn't properly deleting the child sa but who knows Andrew _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
