On Tue, 21 May 2019, Andrew Cagney wrote:
libreswan 3.28 will likely land in Fedora 29 over coming days. While I suspect it doesn't address:
I have pushed updates into testing, so this should work already: yum update --enablerepo=updates-testing libreswan
(the log message can still be found in the sources) a number of significant changes to how IKEv2 Message IDs are handled were made and they may affect this. If the message ID deadlock message still occurs, can you look back through the logs for anything pertaining to the IKE SA (aka parent or #2019 in the above) especially anything that suggests a packet is being sent.
Yes the deadlock would still occur, but the IPsec SA failing will trigger the 3.28 revive conn code now and should re-establish. The original problem should still be investigated. Why does the remote stop responding to our requests (likely our DPD/liveness probes) Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
