On Mon, 3 Oct 2016, Reuben Farrelly wrote:
> Looks like there is a leakage with SA's not being cleaned up properly with the latest -git code. I am still running VTI's - so this could be a part of the problem.

I don't think so? I notice you have dpdaction=clear. Setting that to dpdaction=hold should stop plaintext from leaking.

> So there are some 1810 SA's in total - all authenticated but there is only one active client (my Cisco router).

That _is_ a problem. What version is this? We did fix a bug a while ago where a failing connection would accidentally get cloned on retry and so you would exponentially gain more non-working connection instances :/

(This was one or two releases ago. If you were on 3.18 or git, please get me a log of the failing connection that shows instantiating more of them)

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
