Issue #3311

Random problem - "unable to install policy 172.16.0.0/12 === 172.16.x.x/29 out for reqid 236, the same policy for reqid 89 exists"

Added by Joao Carlos Alves 8 months ago. Updated about 1 month ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Affected version: 5.8.2
Resolution: No feedback

Description

Hello,

I'm facing this issue randomly, and I was able to get out of it by doing ipsec restart.

The problem is that I can't do it easily because I've other tunnels running that I don't want to tear down.

I've tried:

ipsec down name
ipsec down name{*}
ipsec down name[*]
ipsec stroke unroute name
ipsec stroke purgeike

removed the config and did ipsec reload/update

and none work to clear this stuck SA that I can't even see with ipsec statusall.

Jan 15 14:32:47 12[CFG] <name|242> unable to install policy 172.16.0.0/12 === 172.16.x.x/29 out for reqid 236, the same policy for reqid 89 exists
Jan 15 14:32:47 12[IKE] <name|242> unable to install IPsec policies (SPD) in kernel
Jan 15 14:32:47 12[ENC] <name|242> added payload of type NOTIFY to message
Jan 15 14:32:47 12[IKE] <name|242> failed to establish CHILD_SA, keeping IKE_SA
Jan 15 14:32:47 12[CHD] <name|242> CHILD_SA name{776} state change: INSTALLING => DESTROYING
Jan 15 14:32:47 12[KNL] <name|242> deleting policy 172.16.0.0/12 === 172.16.x.x/29 out
Jan 15 14:32:47 12[KNL] <name|242> policy still used by another CHILD_SA, not removed
Jan 15 14:32:47 12[KNL] <name|242> not updating policy 172.16.0.0/12 === 172.16.x.x/29 out [priority 379007, refcount 1]
Jan 15 14:32:47 12[KNL] <name|242> deleting policy 172.16.x.x/29 === 172.16.0.0/12 in

This originates a response to the initiator of TS_UNACCEPT and the connection never completes.

How can I clear the policy originated by reqid 89 without restarting the process?

Thanks

History

#1 Updated by Tobias Brunner 8 months ago

  • Status changed from New to Feedback

Are you actually using 5.8.2? Please see HelpRequests.

#2 Updated by Tobias Brunner about 1 month ago

  • Status changed from Feedback to Closed
  • Resolution set to No feedback
