Hi,

I'm experiencing a new problem with my upgrade process (3.12->3.20); this
time it's the routes.

I have ~70 tunnels set up on my server.
After ipsec is (re)started, all the routes come up.
But then 1-2 minutes later, there are only a subset of those that are still
up, ~10 of them. It's always the same 10 that are persisting.
All the tunnels are still showing up as connected, including those that are
now missing the routes.

Sending data through the tunnel only works for those that have routes; for
the other ones it is timing out.

I tried downgrading from 3.20 -> 3.19, same problem.
I tried downgrading further 3.19 -> 3.18. Routes seem to be persisting on
3.18.

I suspect there is a problem with encapsulation and NAT and keepalive.
On 3.12 and 3.18, I used `forceencaps=yes`.
On 3.20 I tried `encapsulation=yes` and `encapsulation=auto`; routes are
disconnecting with either of them.

```
conn customer
        authby=secret
        dpddelay=40
        dpdtimeout=120
        dpdaction=restart
        auto=start
        encapsulation=yes
        pfs=yes
        ike=aes256-sha1
        phase2alg=aes256-sha1
        left=%defaultroute
        leftid=184.X.X.X
        leftsourceip=184.X.X.X
        leftsubnet=184.X.X.X/32
        right=72.Y.Y.Y
        rightid=72.Y.Y.Y
        rightsubnet=10.B.B.B/32
```

Once the route disappears, it doesn't come back even if I try:
```
$ sudo ipsec auto --down customer
$ sudo ipsec auto --up customer
```

Am I missing some config to keep the route up on the 3.20 version?

Thank you.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan