Hi:
I have a number of tunnels running well on a CentOS 7 machine with
libreswan 3.15-5.el7_1. I added a new tunnel which I am having some issues
with; the only real difference is that the new one is using ikev2. The
config is:
conn demo
type=tunnel
authby=secret
left=10.0.0.3
leftsubnet=10.0.0.3/255.255.255.255
leftnexthop=123.45.67.4
leftsourceip=10.0.0.3
right=123.45.67.4
rightsubnet=2123.45.67.198/255.255.255.255
rightnexthop=10.0.0.3
rightsourceip=123.45.67.198
ikev2=insist
ike=aes-sha1
ikelifetime=86400s
phase2alg=aes-256
salifetime=28800s
rekey=no
pfs=no
auto=start
The other side is, I think, a Cisco ASA. The tunnel has failed sporadically
and I see the following output from ipsec status when this happens:
000 #18146: "demo":500 STATE_PARENT_R1 (received v2I1, sent v2R1);
EVENT_v2_RESPONDER_TIMEOUT in 77s; idle; import:respond to stranger
I couldn't find a lot of information on this error. Can anyone point out
anything I can do here? Is there a way to automatically recover from an
event like this? It works fine (for a while) with a --replace & --up.
Thanks,
Bananas
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
