On Fri, 21 Oct 2016, Banana Man wrote:
> Probably I should have laid out my whole issue, but like I said I was trying to
> keep it simple. Let me further complicate things - in all my other tunnels I
> have used ike, not ikev2. I often need to connect to multiple addresses on the
> remote side, and generally just make a new connection for each address. Mostly
> I'm connecting to Cisco endpoints. That has always worked fine in the past.
>
> With this connection there are actually two tunnel configurations to the same
> endpoint. I have figured out that when one connection is restarted, it kills
> the other one. (It took me a

You can try the config setup option uniqueids=no which will prevent the
delete on libreswan's end. But I'm not sure how the remote end will
behave. Be sure not to have initial-contact=yes or else they might
kill the old one.

> 134 "demo" #19333: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=sha group=MODP2048}
> 003 "demo" #19333: missing payload(s) (ISAKMP_NEXT_v2SA+ISAKMP_NEXT_v2TSi+ISAKMP_NEXT_v2TSr). Message dropped.
> 207 "demo" #19333: STATE_PARENT_I2: v2N_INVALID_SYNTAX

The payloads are missing because they send back a notify of invalid
syntax. So they didn't like that exchange. It is a very unusual error
though.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
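
A small check for the situation discussed in this thread, added here as an example and not part of the original emails or of libreswan: it parses an ipsec.conf-style file and flags conns that share one remote address while uniqueids is not "no", or that set initial-contact=yes. The sample config, the 192.0.2.10 address and the function names are constructed; it assumes the peer is given as `right` and that an unset uniqueids means yes.

```python
# Constructed sample fragment: two tunnels to the same (documentation) peer address.
SAMPLE_CONF = """\
config setup
    uniqueids=yes

conn demo
    right=192.0.2.10
    rightsubnet=10.1.0.0/24
    initial-contact=yes

conn demo-net2
    right=192.0.2.10
    rightsubnet=10.2.0.0/24
"""

def parse_ipsec_conf(text):
    """Return {section: {key: value}} for 'config setup' and 'conn <name>' sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments (simplified handling)
        if not line.strip():
            continue
        if not raw[0].isspace():               # an unindented line opens a section
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def check_shared_peer(text):
    """List findings for conns sharing a 'right' address, following the reply's advice."""
    sections = parse_ipsec_conf(text)
    conns = {n[5:]: o for n, o in sections.items() if n.startswith("conn ")}
    by_peer = {}
    for name, opts in conns.items():
        if "right" in opts:
            by_peer.setdefault(opts["right"], []).append(name)
    # Assumption: when uniqueids is not set, it is treated as "yes".
    uniqueids = sections.get("config setup", {}).get("uniqueids", "yes")
    findings = []
    for peer, names in by_peer.items():
        if len(names) < 2:
            continue
        if uniqueids != "no":
            findings.append(f"{peer}: {sorted(names)} share a peer and uniqueids={uniqueids}")
        for name in sorted(names):
            if conns[name].get("initial-contact") == "yes":
                findings.append(f"{peer}: conn {name} sets initial-contact=yes")
    return findings
```

Calling `check_shared_peer(SAMPLE_CONF)` returns two findings for the constructed sample; whether the remote end tolerates the changed settings still has to be tested against that peer.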