3.28 does not start Mar 11 20:26:29 core systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Mar 11 20:26:30 core _stackmanager[26781]: FAILURE in loading XFRM IPsec stack Mar 11 20:26:30 core systemd[1]: ipsec.service: Control process exited, code=exited, status=1/FAILURE Mar 11 20:26:30 core systemd[1]: ipsec.service: Failed with result 'exit-code'. Mar 11 20:26:30 core systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec. Mar 11 20:26:30 core systemd[1]: ipsec.service: Service RestartSec=100ms expired, scheduling restart. Mar 11 20:26:30 core systemd[1]: ipsec.service: Scheduled restart job, restart counter is at 1. Mar 11 20:26:30 core systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
3.29 works, but no NAT-T keepalive as with 3.27 3.30 same problem as with 3.31 > On 11 Mar 2020, at 14:13, Paul Wouters <[email protected]> wrote: > > On Wed, 11 Mar 2020, Beat Zahnd wrote: > >> I run 3.27 which is last version on stable Debian. > > Grab the 3.31 source and run "make deb" ? > >> Are the NAT-T keepalives fully independent from the DPD keepalives? > > Yes. There are completely unrelated. DPDs only happen when there is no > IPsec traffic. NAT keepalives always happen (Its cheaper to fire them > then to ask the kernel every 20s if there was traffic) > > Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
