Can you arrange for some logfiles I can have a look at? Can you also try a 3.20rcX release candidate?
Sent from my iPhone

> On Jun 20, 2017, at 08:27, Bob Cribbs <[email protected]> wrote:
>
> Hi,
>
> I'm experiencing a new problem with my upgrade process (3.12->3.20), this time
> it's the routes.
>
> I have ~70 tunnels set up on my server.
> After ipsec is (re)started, all the routes come up.
> But then 1-2 minutes later, there are only a subset of those that are still
> up, ~10 of them. It's always the same 10 that are persisting.
> All the tunnels are still showing up as connected, including those that are
> now missing the routes.
>
> Sending data through the tunnel only works for those that have routes; for
> the other ones it is timing out.
>
> I tried downgrading from 3.20 -> 3.19, same problem.
> I tried downgrading further 3.19 -> 3.18. Routes seem to be persisting on
> 3.18.
>
> I suspect there is a problem with encapsulation and NAT and keepalive.
> On 3.12 and 3.18, I used `forceencaps=yes`
> On 3.20 I tried `encapsulation=yes` and `encapsulation=auto`; routes are
> disconnecting with either of them.
>
> ```
> conn customer
>     authby=secret
>     dpddelay=40
>     dpdtimeout=120
>     dpdaction=restart
>     auto=start
>     encapsulation=yes
>     pfs=yes
>     ike=aes256-sha1
>     phase2alg=aes256-sha1
>     left=%defaultroute
>     leftid=184.X.X.X
>     leftsourceip=184.X.X.X
>     leftsubnet=184.X.X.X/32
>     right=72.Y.Y.Y
>     rightid=72.Y.Y.Y
>     rightsubnet=10.B.B.B/32
> ```
>
> Once the route disappears, it doesn't come back even if I try:
> ```
> $ sudo ipsec auto --down customer
> $ sudo ipsec auto --up customer
> ```
>
> Am I missing some config to keep the route up on the 3.20 version?
>
> Thank you.
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
