Hi Tobias, Thanks for your response.
> Stating this without also providing the reason for it (or at least a > log) makes it hard to help you. If you are getting errors related to > reqids when the daemon attempts to install the IPsec policies, you > should update to 5.3.x. Let me attach a charon.log we took as we replicated the issue. I see several messages like these: Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0 === 0.0.0.0/0 out (mark 0/0x00000000) for reqid 2, the same policy for reqid 1 exists Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0 === 0.0.0.0/0 in (mark 0/0x00000000) for reqid 2, the same policy for reqid 1 exists Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0 === 0.0.0.0/0 fwd (mark 0/0x00000000) for reqid 2, the same policy for reqid 1 exists Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0 === 0.0.0.0/0 out (mark 0/0x00000000) for reqid 2, the same policy for reqid 1 exists Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0 === 0.0.0.0/0 in (mark 0/0x00000000) for reqid 2, the same policy for reqid 1 exists Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0 === 0.0.0.0/0 fwd (mark 0/0x00000000) for reqid 2, the same policy for reqid 1 exists Jul 30 17:35:59 03[IKE] <srxgw|1> unable to install IPsec policies (SPD) in kernel Are these the messages you were referring to? Br, Joern 2015-07-30 17:19 GMT+02:00 Tobias Brunner <[email protected]>: > Hi Joern, > >> Immediately strongswan deletes Child SA of its own initiated tunnel > > Stating this without also providing the reason for it (or at least a > log) makes it hard to help you. If you are getting errors related to > reqids when the daemon attempts to install the IPsec policies, you > should update to 5.3.x. > > Regards, > Tobias >
charon.log
Description: Binary data
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
