On Thu, 23 Aug 2018, Adam Tauno Williams wrote:
libreswan-3.20-5.el7_4.x86_64
One problem - it appears when the connection renegotiates the remote site experiences packet loss of tunneled traffic.
Please use 3.25 which has improved PFS handling while rekeying.
15:02:46 pluto[29909]: "IPSEC-1" #22021: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP1536}
15:02:46 pluto[29909]: "IPSEC-1" #22021: the peer proposed: L.M.O.P/32:47/0 -> A.B.C.D/32:47/0
15:02:46 pluto[29909]: "IPSEC-1" #22022: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
The other end seems to have pfs=no and you have pfs=yes?
Paul
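An added example, not part of the original thread and not libreswan code: a small Python scan of pluto log lines that flags the Quick Mode PFS rejection quoted above and attaches the IKE parameters and peer proposal logged for the same connection. The sample input is the three log lines from the message; the function name and the regular expressions are assumptions derived only from those lines.

```python
import re

# Sample input: the three pluto lines quoted in the thread, one per line.
SAMPLE_LOG = '''\
15:02:46 pluto[29909]: "IPSEC-1" #22021: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP1536}
15:02:46 pluto[29909]: "IPSEC-1" #22021: the peer proposed: L.M.O.P/32:47/0 -> A.B.C.D/32:47/0
15:02:46 pluto[29909]: "IPSEC-1" #22022: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
'''

# Assumed line layout, taken only from the lines above:
#   <time> pluto[<pid>]: "<conn>" #<state>: <message>
LINE_RE = re.compile(r'^(\S+) pluto\[\d+\]: "([^"]+)"[^#]*#(\d+): (.*)$')
IKE_RE = re.compile(r'ISAKMP SA established \{([^}]*)\}')
PEER_RE = re.compile(r'the peer proposed: (.+)')
PFS_REJECT = 'we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION'


def find_pfs_mismatches(log_text):
    """Return one record per Quick Mode proposal rejected for missing PFS."""
    last_ike, last_peer, findings = {}, {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a per-connection pluto line
        ts, conn, state, msg = m.groups()
        ike = IKE_RE.search(msg)
        peer = PEER_RE.search(msg)
        if ike:
            # "auth=... cipher=... integ=... group=..." -> dict
            pairs = (kv.split('=', 1) for kv in ike.group(1).split() if '=' in kv)
            last_ike[conn] = dict(pairs)
        elif peer:
            last_peer[conn] = peer.group(1)
        elif PFS_REJECT in msg:
            findings.append({
                'time': ts, 'conn': conn, 'quick_state': int(state),
                'ike_params': last_ike.get(conn, {}),
                'peer_proposal': last_peer.get(conn),
            })
    return findings


if __name__ == '__main__':
    for f in find_pfs_mismatches(SAMPLE_LOG):
        print(f"{f['time']} {f['conn']} #{f['quick_state']}: peer's Quick Mode "
              f"proposal carried no DH group but local policy requires PFS; "
              f"IKE SA {f['ike_params']}, peer proposed {f['peer_proposal']}")
```

Each finding points at a connection whose `pfs=` setting should be compared on both ends.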