Hi: I have a number of tunnels running well on a CentOS 7 machine with libreswan 3.15-5.el7_1. I added a new tunnel which I am having some issues with; the only real difference is that the new one is using ikev2. The config is:
conn demo type=tunnel authby=secret left=10.0.0.3 leftsubnet=10.0.0.3/255.255.255.255 leftnexthop=123.45.67.4 leftsourceip=10.0.0.3 right=123.45.67.4 rightsubnet=2123.45.67.198/255.255.255.255 rightnexthop=10.0.0.3 rightsourceip=123.45.67.198 ikev2=insist ike=aes-sha1 ikelifetime=86400s phase2alg=aes-256 salifetime=28800s rekey=no pfs=no auto=start The other side is, I think, a Cisco ASA. The tunnel has failed sporadically and I see the following output from ipsec status when this happens: 000 #18146: "demo":500 STATE_PARENT_R1 (received v2I1, sent v2R1); EVENT_v2_RESPONDER_TIMEOUT in 77s; idle; import:respond to stranger I couldn't find a lot of information on this error. Can anyone point out anything I can do here? Is there a way to automatically recover from an event like this? It works fine (for a while) with a --replace & --up. Thanks, Bananas
_______________________________________________ Swan mailing list Swan@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan