On Fri, 3 May 2019, Nick Howitt wrote:
but here is the whole log.
That's not a DPD issue, it is the auto=start + receiving delete issue. Your connection receives a delete and is deleted. So you have no active states, no IKE SA so no DPDs. It should have checked the the auto=start value, and does not realise it needs to start a new negotiation. A fix for that is in git master and will be part of 3.28. Unfortunately, we had a bandaid fix first, and then we removed the bandaid for a proper fix that also prevents an IKE storm (eg receiving delete, initiate, establish, receive delete, initiate, ....) so I have no easy commit for you to reference. But if you look through "git log" of the master tree, search for "revive" to find all related commits. Or wait for 3.28 to be released next week. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
