Hi Paul,
there is an IKEv2 IPSec connection (the device on the other side is a
Palo Alto), where one side has one (leftsubnet) and ~12 subnets
(rightsubnets) on the other side.
When expanding righsubnets, the following was logged by libreswan and
died. The current libreswan version is 4.3.
My question is, what could have caused this? maybe this is already known?
pluto[19191]: "test/0x11" #36161: negotiated connection
[10.10.10.0-10.10.10.255:0-65535 0] -> [10.20.0.0-10.20.255.255:0-65535 0]
pluto[19191]: "test/0x11" #36161: IPsec SA established tunnel mode
{ESP=>0xfc554696 <0x31268fc3 xfrm=AES_CBC_256-HMAC_SHA2_256_128-MODP2048
NATOA=none NATD=none DPD=active}
pluto[19191]: "test/0x13" #36163: sent CREATE_CHILD_SA request for new
IPsec SA
pluto[19191]: "test/0x13" #36163: state transition 'Process
CREATE_CHILD_SA IPsec SA Response' failed with v2N_TS_UNACCEPTABLE
pluto[19191]: "test/0x13" #36163: STATE_V2_NEW_CHILD_I1: retransmission;
will wait 0.5 seconds for response
pluto[19191]: ABORT: ASSERTION FAILED: *chosen_proposal == NULL (in
ikev2_process_sa_payload() at ikev2_spdb_struct.c:1142)
Thank you for your help!
laca
--
Bán László <l...@andrews.hu>
Andrews IT Engineering Kft.
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
