[Openswan Users] Multiple EVENT_SA_REPLACEs for same connection

Paul Wouters paul at xelerance.com
Sat Apr 28 16:41:23 EDT 2007


On Sat, 28 Apr 2007, Toby Chamberlain wrote:

> After upgrading from 2.2.0 to 2.4.6 (ie Debian sarge->etch) clients using
> the ebootis Windows ipsec.exe tool are suddenly unable to access the
> internal LAN after running fine for days previously. When this happens,
> ipsec auto --status shows a number of identical connections, all with
> EVENT_SA_REPLACE (I would expect one _REPLACE and any others _EXPIRE). This
> situation seems to happen randomly every few days - the connections are up
> and running fine, then suddenly no traffic can get through until the
> connection is taken down and reestablished, with ipsec auto showing multiple
> tunnels like this:
>
> Server# ipsec auto --status | grep RoadWarrior | grep "IPsec SA est"
> 000 #858: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec
> SA established); EVENT_SA_REPLACE in 1367s
> 000 #849: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec
> SA established); EVENT_SA_REPLACE in 407s

I believe this bug is still present in 2.4.8rc1, though you might want to give
that a try anyway. If it remains, could you post a successful rekey and a
failed rekey using plutodebug=controlmore to the mailing list or to the openswan
bug tracker bug# 645?

Are you using netkey?

Paul
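
Added example, not part of the original post or of Openswan itself: a shell check for the symptom reported above, listing every connection instance that holds more than one established IPsec SA still scheduled for EVENT_SA_REPLACE. It assumes the status line layout shown in the quoted output; the function names, sample lines, addresses and state numbers are constructed.

```shell
#!/bin/sh
# Added example: list connection instances that hold more than one established
# IPsec SA still scheduled for EVENT_SA_REPLACE (the symptom in the report).
# Normal use: ipsec auto --status | find_duplicate_replace

find_duplicate_replace() {
    # Output: <count> <connection instance and peer> <state ids>, one per line.
    awk '
    /^000 #[0-9]+: "/ && /IPsec SA established/ && /EVENT_SA_REPLACE/ {
        id = $2
        sub(/:$/, "", id)                    # "#858:" -> "#858"
        key = $0
        sub(/^000 #[0-9]+: /, "", key)       # drop prefix and state number
        sub(/ STATE_.*$/, "", key)           # keep name, instance, peer
        count[key]++
        ids[key] = (count[key] > 1 ? ids[key] "," id : id)
    }
    END {
        for (k in count)
            if (count[k] > 1)
                printf "%d %s %s\n", count[k], k, ids[k]
    }' | sort
}

# Constructed sample status output (documentation addresses, made-up state ids).
sample_status() {
    cat <<'EOF'
000 #857: "RoadWarrior-Server"[8] 192.0.2.10:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2400s
000 #858: "RoadWarrior-Server"[8] 192.0.2.10:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1367s
000 #849: "RoadWarrior-Server"[8] 192.0.2.10:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 407s
000 #860: "RoadWarrior-Server"[9] 198.51.100.7:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2100s
000 #861: "RoadWarrior-Server"[10] 203.0.113.5:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2500s
000 #855: "RoadWarrior-Server"[10] 203.0.113.5:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 30s
EOF
}

# Demo run on the constructed sample; only instance [8] is reported.
sample_status | find_duplicate_replace
```

Instance [10] is not reported because its older SA is already scheduled for EVENT_SA_EXPIRE, which is the state the original poster expected to see after a rekey.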

