Thanks, is there an existing RHEL bugzilla for this failure?
> Sent: Wednesday, August 24, 2016 at 12:48 PM
> From: "Paul Wouters" <[email protected]>
> To: [email protected]
> Cc: "Libreswan Mailing List" <[email protected]>
> Subject: Re: [Swan] Peer declared dead and tunnel down for 4 hours despite traffic
>
> On Wed, 24 Aug 2016, [email protected] wrote:
>
> > We have intermittent tunnel failures that can usually be fixed by a manual
> > 'ipsec auto --up <connection'. This is not an acceptable requirement,
> > though. The source was declared dead by the destination which makes no
> > sense as the source was up/running and communicating with 15+ other peers
> > at the time. I decided to allow the tunnel failure to remain without
> > manual intervention to see if it would eventually fix itself and in this
> > case it did. It appears as though the tunnel was down for about 4 hours
> > and appears it was 'fixed' very close to 8 hours after the last rekey
> > (15:40:17 - 23:35:47), which seems to be the default salifetime. Even if
> > the source was unavailable to the destination, why did both sides stop
> > trying to communicate and why did the source all of a sudden decide to
> > start communicating again (at 23:35:47). Can anything be done to diagnose,
> > prevent, etc?
>
> This probably relates to this discussion:
>
> https://lists.libreswan.org/pipermail/swan-dev/2016-August/001603.html
>
> I think we have reached agreement on the behaviour, and just need to
> update the code to reflect that in all cases. I expect this to be
> fixed in the next 1-2 weeks.
>
> The upcoming RHEL-7.3 build has a fix for IKEv1 for this already.
>
> Paul
