On Thu, 23 Aug 2018, Adam Tauno Williams wrote:

> libreswan-3.20-5.el7_4.x86_64
>
> One problem - it appears when the connection renegotiates the remote
> site experiences packet loss of tunneled traffic.

Please use 3.25 which has improved PFS handling while rekeying.

> 15:02:46 pluto[29909]: "IPSEC-1" #22021: STATE_MAIN_R3: sent MR3,
> ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha
> group=MODP1536}
> 15:02:46 pluto[29909]: "IPSEC-1" #22021: the peer proposed:
> L.M.O.P/32:47/0 -> A.B.C.D/32:47/0
> 15:02:46 pluto[29909]: "IPSEC-1" #22022: we require PFS but Quick I1 SA
> specifies no GROUP_DESCRIPTION

The other end seems to have pfs=no and you have pfs=yes ?

Paul
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
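
Added example, not part of the original message and not libreswan code: a small log check that finds the PFS rejection quoted in the thread and reports which connection and SA it belongs to, together with the DH group of the preceding ISAKMP SA. It assumes the line layout shown in the quoted log (time, pluto[pid], quoted connection name, #SA number); the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the pluto lines quoted in the thread, still wrapped
# the way the mail client wrapped them.
SAMPLE = '''\
15:02:46 pluto[29909]: "IPSEC-1" #22021: STATE_MAIN_R3: sent MR3,
ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha
group=MODP1536}
15:02:46 pluto[29909]: "IPSEC-1" #22021: the peer proposed:
L.M.O.P/32:47/0 -> A.B.C.D/32:47/0
15:02:46 pluto[29909]: "IPSEC-1" #22022: we require PFS but Quick I1 SA
specifies no GROUP_DESCRIPTION
'''

# Assumed record layout, taken from the quoted log lines only.
RECORD = re.compile(r'^(?P<ts>\d\d:\d\d:\d\d) pluto\[\d+\]: '
                    r'"(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
PFS_REJECT = re.compile(r'we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION')
IKE_GROUP = re.compile(r'ISAKMP SA established \{.*?group=(\w+)')

def unwrap(text):
    """Join continuation lines (those without a pluto prefix) onto their record."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line):
            records.append(line.strip())
        elif line.strip() and records:
            records[-1] += ' ' + line.strip()
    return records

def find_pfs_mismatches(text):
    """Return one finding per Quick Mode proposal rejected for lacking a PFS group."""
    ike_group = {}   # connection name -> DH group of the latest ISAKMP SA seen
    findings = []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        group = IKE_GROUP.search(m['msg'])
        if group:
            ike_group[m['conn']] = group.group(1)
        elif PFS_REJECT.search(m['msg']):
            findings.append({'time': m['ts'], 'conn': m['conn'], 'sa': int(m['sa']),
                             'ike_group': ike_group.get(m['conn']),
                             'hint': 'peer proposed no PFS group; compare pfs= on both ends'})
    return findings

if __name__ == '__main__':
    for finding in find_pfs_mismatches(SAMPLE):
        print(finding)
```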
