Hi Paul,
Thanks for looking. Personally I am happy to wait for 3.28, but I
was trying to create a spec and it will need the 3.28 fixes
backported into the el7 release line.
Regards,
Nick
On 03/05/2019 15:53, Paul Wouters wrote:
On Fri, 3 May 2019, Nick Howitt wrote:
but here is the whole log.
That's not a DPD issue, it is the auto=start + receiving delete issue.
Your connection receives a delete and is deleted. So you have no active
states, no IKE SA so no DPDs. It should have checked the auto=start
value, and does not realise it needs to start a new negotiation. A fix
for that is in git master and will be part of 3.28. Unfortunately, we
had a bandaid fix first, and then we removed the bandaid for a proper
fix that also prevents an IKE storm (eg receiving delete, initiate,
establish, receive delete, initiate, ....) so I have no easy commit
for you to reference. But if you look through "git log" of the master
tree, search for "revive" to find all related commits. Or wait for
3.28 to be released next week.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan