Hi Paul
Kindly find the output of ipsec whack --showstates from both sides
please.
At HO
000 #5: "PLUTOSUBNET":1208 STATE_V2_ESTABLISHED_IKE_SA (established IKE
SA); EVENT_SA_REKEY in 28511s; newest ISAKMP; idle;
000 #6: "PLUTOSUBNET":1208 STATE_V2_ESTABLISHED_CHILD_SA (IPsec SA
established); EVENT_SA_REKEY in 28511s; newest IPSEC; eroute owner;
isakmp#5; idle;
000 #6: "PLUTOSUBNET" [email protected] [email protected]
[email protected] [email protected] Traffic: ESPin=168B ESPout=168B! ESPmax=0B
At Site Office
000 #1: "PLSUBNET":4500 STATE_V2_ESTABLISHED_IKE_SA (established IKE
SA); EVENT_SA_REKEY in 27743s; newest ISAKMP; idle;
000 #2: "PLSUBNET":4500 STATE_V2_ESTABLISHED_CHILD_SA (IPsec SA
established); EVENT_SA_REKEY in 27984s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #2: "PLSUBNET" [email protected] [email protected]
[email protected] [email protected] Traffic: ESPin=168B ESPout=168B!
ESPmax=0B
Thanks, Best
BA
On 2023-01-31 22:01, Paul Wouters wrote:
On Mon, 30 Jan 2023, [email protected] wrote:
I changed the HO's statement to auto=add while keeping auto=start at
the Site Office. Also removed encapsulation statement at both
ends, However there is no change in status, both machines are unable
to reach each other. The tunnel is getting established as
always, attaching the logs from both sides FYI.
Once the tunnel is not working, can you run on both ends:
ipsec whack --showstates
Let's see if both ends are still thinking the tunnel is up or not.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
