Issue #973: IKEv2 dpd + auto=route + tunnel downtime cause additional CHILD_SAs - strongSwan

Issue #973

IKEv2 dpd + auto=route + tunnel downtime cause additional CHILD_SAs

Added by Noel Kuntze over 10 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Affected version:

5.3.0

Resolution:

Description

Hello,

I encountered the following bug:

When an IKEv2 tunnel withdpdaction=restart and auto=route is down
and traffic reaches the host with a matching policy for that tunnel,
additional CHILD_Sas will be spawned the next time the tunnel is established again.
Also, reauthentication events are acted upon. See the attachements "gw1.log" and "gw2.log"
for details. ipsec.conf of the two sides is in the corresponding _ipsec.conf files.

Kind regards,
Noel

gw1_ipsec.conf (347 Bytes) gw1_ipsec.conf		Noel Kuntze, 29.05.2015 17:39
gw1.log (100 KB) gw1.log		Noel Kuntze, 29.05.2015 17:39
gw2_ipsec.conf (380 Bytes) gw2_ipsec.conf		Noel Kuntze, 29.05.2015 17:39
gw2.log (95.8 KB) gw2.log		Noel Kuntze, 29.05.2015 17:39

Related issues

History

#1 Updated by Noel Kuntze over 8 years ago

Related to Issue #2260: Number of CHILD_SA for a single connection grows over time added

Project

General

Profile

strongSwan

Issues

Issue #973

IKEv2 dpd + auto=route + tunnel downtime cause additional CHILD_SAs

History

#1 Updated by Noel Kuntze over 8 years ago