Hello, We found the following state in the existing connection.
After the connection is established. IPsec establishing multiple VPN tunnels. Some of them are not used to send data and are just in dormant state. Suspicion, rekey times are different, this leads to unused tunnels being left hanging which drains resources. Is it a known bug or is it a misconfiguration? There is a solution? Thanks for your advice. Centos 7 + Linux Libreswan 3.32 (netkey) on 3.10.0 kernel. 000 "siteA-siteB": 10.10.10.75/32===a.b.c.222 > <a.b.c.222>...x.y.z.233<x.y.z.233>===172.17.19.2/32; erouted; eroute > owner: #1500666 > 000 "siteA-siteB": oriented; my_ip=unset; their_ip=unset; > my_updown=ipsec _updown; > 000 "siteA-siteB": xauth us:none, xauth them:none, my_username=[any]; > their_username=[any] > 000 "siteA-siteB": our auth:secret, their auth:secret > 000 "siteA-siteB": modecfg info: us:none, them:none, modecfg > policy:push, dns:unset, domains:unset, banner:unset, cat:unset; > 000 "siteA-siteB": policy_label:unset; > 000 "siteA-siteB": ike_life: 86400s; ipsec_life: 3600s; replay_window: > 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; > 000 "siteA-siteB": retransmit-interval: 500ms; retransmit-timeout: 60s; > 000 "siteA-siteB": initial-contact:no; cisco-unity:no; > fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; > 000 "siteA-siteB": policy: > PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; > 000 "siteA-siteB": v2-auth-hash-policy: none; > 000 "siteA-siteB": conn_prio: 32,32; interface: bond0:0; metric: 0; mtu: > unset; sa_prio:auto; sa_tfc:none; > 000 "siteA-siteB": nflog-group: unset; mark: 5/0xffffffff, 5/0xffffffff; > vti-iface:vti0; vti-routing:yes; vti-shared:yes; nic-offload:auto; > 000 "siteA-siteB": our idtype: ID_IPV4_ADDR; our id=a.b.c.222; their > idtype: ID_IPV4_ADDR; their id=x.y.z.233 > 000 "siteA-siteB": dpd: action:restart; delay:10; timeout:30; nat-t: > encaps:yes; nat_keepalive:yes; ikev1_natt:both > 000 "siteA-siteB": newest ISAKMP SA: #1500220; newest IPsec SA: #1500666; > 000 "siteA-siteB": IKE algorithms: AES_CBC_256-HMAC_SHA2_256-MODP2048 > 000 "siteA-siteB": IKEv2 algorithm newest: > AES_CBC_256-HMAC_SHA2_256-MODP2048 > 000 "siteA-siteB": ESP algorithms: AES_CBC_256-HMAC_SHA2_256_128-MODP2048 > 000 "siteA-siteB": ESP algorithm newest: AES_CBC_256-HMAC_SHA2_256_128; > pfsgroup=MODP2048 > 000 #1500220: "siteA-siteB":4500 STATE_PARENT_R2 (received v2I2, PARENT SA > established); EVENT_SA_REKEY in 82924s; newest ISAKMP; idle; > 000 #1500257: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 664s; isakmp#1500220; idle; > 000 #1500257: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500261: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 725s; isakmp#1500220; idle; > 000 #1500261: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500275: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 838s; isakmp#1500220; idle; > 000 #1500275: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=60B > ESPout=112B! ESPmax=0B > 000 #1500287: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 956s; isakmp#1500220; idle; > 000 #1500287: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500289: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 961s; isakmp#1500220; idle; > 000 #1500289: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500299: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1022s; isakmp#1500220; idle; > 000 #1500299: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500303: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1051s; isakmp#1500220; idle; > 000 #1500303: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500311: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1082s; isakmp#1500220; idle; > 000 #1500311: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=60B > ESPout=112B! ESPmax=0B > 000 #1500325: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1177s; isakmp#1500220; idle; > 000 #1500325: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500330: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1228s; isakmp#1500220; idle; > 000 #1500330: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500333: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1249s; isakmp#1500220; idle; > 000 #1500333: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500334: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1263s; isakmp#1500220; idle; > 000 #1500334: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500336: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1270s; isakmp#1500220; idle; > 000 #1500336: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500338: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1280s; isakmp#1500220; idle; > 000 #1500338: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500342: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1312s; isakmp#1500220; idle; > 000 #1500342: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500343: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1312s; isakmp#1500220; idle; > 000 #1500343: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500345: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1319s; isakmp#1500220; idle; > 000 #1500345: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500348: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1333s; isakmp#1500220; idle; > 000 #1500348: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500351: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1358s; isakmp#1500220; idle; > 000 #1500351: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500357: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1382s; isakmp#1500220; idle; > 000 #1500357: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500361: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1390s; isakmp#1500220; idle; > 000 #1500361: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500362: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1400s; isakmp#1500220; idle; > 000 #1500362: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500363: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1403s; isakmp#1500220; idle; > 000 #1500363: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500367: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1424s; isakmp#1500220; idle; > 000 #1500367: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500369: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1427s; isakmp#1500220; idle; > 000 #1500369: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500370: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1439s; isakmp#1500220; idle; > 000 #1500370: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=60B > ESPout=112B! ESPmax=0B > 000 #1500380: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1509s; isakmp#1500220; idle; > 000 #1500380: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500381: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1509s; isakmp#1500220; idle; > 000 #1500381: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500390: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1531s; isakmp#1500220; idle; > 000 #1500390: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500392: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1537s; isakmp#1500220; idle; > 000 #1500392: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500401: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1567s; isakmp#1500220; idle; > 000 #1500401: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500405: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1575s; isakmp#1500220; idle; > 000 #1500405: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500411: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1605s; isakmp#1500220; idle; > 000 #1500411: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500414: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1609s; isakmp#1500220; idle; > 000 #1500414: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500416: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1613s; isakmp#1500220; idle; > 000 #1500416: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500419: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1614s; isakmp#1500220; idle; > 000 #1500419: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500422: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1634s; isakmp#1500220; idle; > 000 #1500422: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500423: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1636s; isakmp#1500220; idle; > 000 #1500423: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500425: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1638s; isakmp#1500220; idle; > 000 #1500425: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500428: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1659s; isakmp#1500220; idle; > 000 #1500428: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500431: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1668s; isakmp#1500220; idle; > 000 #1500431: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500443: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1709s; isakmp#1500220; idle; > 000 #1500443: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500447: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1737s; isakmp#1500220; idle; > 000 #1500447: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=60B > ESPout=112B! ESPmax=0B > 000 #1500462: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1782s; isakmp#1500220; idle; > 000 #1500462: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500463: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1784s; isakmp#1500220; idle; > 000 #1500463: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500468: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1794s; isakmp#1500220; idle; > 000 #1500468: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500469: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1796s; isakmp#1500220; idle; > 000 #1500469: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500470: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1796s; isakmp#1500220; idle; > 000 #1500470: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500477: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1825s; isakmp#1500220; idle; > 000 #1500477: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500479: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1828s; isakmp#1500220; idle; > 000 #1500479: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500481: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1829s; isakmp#1500220; idle; > 000 #1500481: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500487: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1849s; isakmp#1500220; idle; > 000 #1500487: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500488: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1855s; isakmp#1500220; idle; > 000 #1500488: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500499: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1882s; isakmp#1500220; idle; > 000 #1500499: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500501: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1883s; isakmp#1500220; idle; > 000 #1500501: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500502: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1884s; isakmp#1500220; idle; > 000 #1500502: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500503: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1886s; isakmp#1500220; idle; > 000 #1500503: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500505: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1889s; isakmp#1500220; idle; > 000 #1500505: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500509: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1903s; isakmp#1500220; idle; > 000 #1500509: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500513: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1923s; isakmp#1500220; idle; > 000 #1500513: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500519: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1958s; isakmp#1500220; idle; > 000 #1500519: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500522: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1960s; isakmp#1500220; idle; > 000 #1500522: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500526: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 1968s; isakmp#1500220; idle; > 000 #1500526: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500539: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2021s; isakmp#1500220; idle; > 000 #1500539: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=60B > ESPout=112B! ESPmax=0B > 000 #1500550: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2061s; isakmp#1500220; idle; > 000 #1500550: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500558: "siteA-siteB":4500 STATE_PARENT_R2 (received v2I2, PARENT SA > established); EVENT_SA_REKEY in 84888s; idle; > 000 #1500559: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2088s; isakmp#1500558; idle; > 000 #1500559: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500564: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2100s; isakmp#1500220; idle; > 000 #1500564: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500570: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2130s; isakmp#1500220; idle; > 000 #1500570: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500581: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2183s; isakmp#1500220; idle; > 000 #1500581: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500595: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2248s; isakmp#1500220; idle; > 000 #1500595: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500615: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2339s; isakmp#1500220; idle; > 000 #1500615: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=60B > ESPout=112B! ESPmax=0B > 000 #1500634: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2431s; isakmp#1500220; idle; > 000 #1500634: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500635: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2433s; isakmp#1500220; idle; > 000 #1500635: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=0B > ESPout=0B! ESPmax=0B > 000 #1500666: "siteA-siteB":4500 STATE_V2_IPSEC_R (IPsec SA established); > EVENT_SA_REKEY in 2621s; newest IPSEC; eroute owner; isakmp#1500220; idle; > 000 #1500666: "siteA-siteB" [email protected] [email protected] > [email protected] [email protected] ref=0 refhim=0 Traffic: ESPin=180B > ESPout=336B! ESPmax=0B tail -f /var/log/pluto.log | grep "siteA-siteB" 145123: "siteA-siteB" #1549735: EXPECTATION FAILED: not replacing stale > CHILD SA #1549735; as already got a newer #1549897 (in v2_event_sa_rekey() > at ikev2_parent.c:6377) > 145197: "siteA-siteB" #1549735: deleting state (STATE_V2_IPSEC_R) aged > 3330.008s and sending notification > 145259: "siteA-siteB" #1549735: ESP traffic information: in=0B out=0B > 175711: "siteA-siteB" #1549750: proposal > 1:ESP=AES_CBC_256-HMAC_SHA2_256_128-MODP2048-DISABLED SPI=cfc68a47 chosen > from remote proposals > 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED[first-match] > 2:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED > 175888: "siteA-siteB" #1549750: received delete request for PROTO_v2_ESP > SA(0xc8127f1c) but corresponding state not found > 175912: "siteA-siteB" #1549750: STATE_PARENT_R2: received v2I2, PARENT SA > established > 183195: "siteA-siteB" #1549898: negotiated new IPsec SA > [10.10.10.75-10.10.10.75:0-65535 0] -> [172.17.19.2-172.17.19.2:0-65535 0] > 183247: "siteA-siteB" #1549898: negotiated connection > [10.10.10.75-10.10.10.75:0-65535 0] -> [172.17.19.2-172.17.19.2:0-65535 0] > 183274: "siteA-siteB" #1549898: STATE_V2_IPSEC_R: IPsec SA established > tunnel mode {ESP/NAT=>0xcfc68a47 <0x6ec92183 > xfrm=AES_CBC_256-HMAC_SHA2_256_128-MODP2048 NATOA=none NATD= > 3.74.142.234:4500 DPD=active} -- ipsec.conf: config setup plutodebug="control parsing" plutodebug="all crypt" virtual_private=%v4: 10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 listen=a.b.c.222 protostack=netkey plutodebug=none uniqueids=no virtual_private=%v4:10.0.0.0/8 logfile=/var/log/pluto.log conn siteA-siteB auto=start keyexchange=ike authby=secret type=tunnel ikev2=insist encapsulation=yes ike=aes256-sha2_256;modp2048 salifetime=1h ikelifetime=24h phase2=esp phase2alg=aes256-sha2_256;modp2048 left=a.b.c.222 leftsubnet=10.10.10.75/32 right=x.y.z.233 rightsubnet=172.17.19.2/32 mark=5/0xffffffff vti-interface=vti0 vti-routing=yes vti-shared=yes pfs=yes dpddelay=10 dpdtimeout=30 dpdaction=restart -- Thank you. Regards
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
