On Mon, 4 Jan 2021, Blue Aquan wrote:
> The tunnel remains connected now, the logs have nothing in particular except
> this message. The last line however, still says information message from
> Fortigate,
> "message response has no corresponding IKE SA". But otherwise the VPN is
> working as expected with all services.

Great!

> Jan 4 17:32:17.120117: "SUBNETS" #42: initiate rekey of IKEv2 CREATE_CHILD_SA IKE Rekey
> Jan 4 17:32:17.131274: "SUBNETS" #43: sent CREATE_CHILD_SA request to rekey IKE SA
> Jan 4 17:32:17.303648: "SUBNETS" #43: rekeyed #42 STATE_V2_REKEY_IKE_I1 and expire it remaining life 937.812965s
> Jan 4 17:32:17.303764: "SUBNETS" #43: established IKE SA {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_512_256 prf=HMAC_SHA2_512 group=DH21}
> Jan 4 17:32:18.305011: "SUBNETS" #42: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2663.301907s and sending notification
> Jan 4 17:32:18.362454: packet from 6.7.8.9:4500: INFORMATIONAL message response has no corresponding IKE SA

That is a buglet on our end. When libreswan deletes the old IKE SA
(#42) it does not wait for the (empty) response message. We already
deleted #42 and the reply is encrypted to that #42 key. It is a
harmless message.
Paul
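
Added example (not from the thread or from the libreswan project): a Python log filter that marks the "no corresponding IKE SA" line as benign only when it arrives within a few seconds of the delete of an IKE SA that was just rekeyed, which is the sequence explained above. The 5-second window, the year constant, the name `classify` and the 192.0.2.10 sample line are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: three lines from the thread (unwrapped) plus one constructed
# orphan response that no delete precedes (192.0.2.10 is a documentation address).
SAMPLE = '''\
Jan 4 17:32:17.303648: "SUBNETS" #43: rekeyed #42 STATE_V2_REKEY_IKE_I1 and expire it remaining life 937.812965s
Jan 4 17:32:18.305011: "SUBNETS" #42: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2663.301907s and sending notification
Jan 4 17:32:18.362454: packet from 6.7.8.9:4500: INFORMATIONAL message response has no corresponding IKE SA
Jan 4 18:05:40.000001: packet from 192.0.2.10:4500: INFORMATIONAL message response has no corresponding IKE SA
'''

YEAR = '2021'  # assumption: the log lines carry no year; taken from the e-mail date
WINDOW = timedelta(seconds=5)  # assumption: how long the peer's reply may lag the delete
LINE = re.compile(r'^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): (.*)$')
REKEYED = re.compile(r'#\d+: rekeyed (#\d+) ')
DELETE = re.compile(r'(#\d+): deleting state \(STATE_V2_ESTABLISHED_IKE_SA\).*sending notification')
ORPHAN = re.compile(r'packet from (\S+): INFORMATIONAL message response has no corresponding IKE SA')


def classify(log_text):
    """Return [(peer, verdict, old_sa)] for each orphan INFORMATIONAL response."""
    rekeyed, last_delete, results = set(), None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(YEAR + ' ' + m.group(1), '%Y %b %d %H:%M:%S.%f')
        body = m.group(2)
        if (r := REKEYED.search(body)):
            rekeyed.add(r.group(1))          # this SA was replaced by a rekey
        elif (d := DELETE.search(body)) and d.group(1) in rekeyed:
            last_delete = (ts, d.group(1))   # delete notification sent for it
        elif (o := ORPHAN.search(body)):
            if last_delete and timedelta(0) <= ts - last_delete[0] <= WINDOW:
                results.append((o.group(1), 'benign-post-rekey', last_delete[1]))
                last_delete = None           # one delete explains one response
            else:
                results.append((o.group(1), 'unexplained', None))
    return results


if __name__ == '__main__':
    for peer, verdict, sa in classify(SAMPLE):
        print(peer, verdict, sa or '-')
```

The orphan line names only the peer address, not the connection, so the match is by time; on a gateway with many peers the window should be kept short.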