[Openswan Users] multiple EVENT_SA_REPLACE
Paul Wouters
paul at xelerance.com
Wed Jan 12 20:08:58 EST 2011
On Wed, 12 Jan 2011, Omar Armas wrote:
> My problem is that when I do an ipsec auto --status, for a tunnel with 3
> days of life, I get literally thousands of messages like this:
>
> "000 #5957: "to-33"[3] 189.X.X.145:62374 STATE_QUICK_R2 (IPsec SA
> established); EVENT_SA_REPLACE in 1465s
> 000 #5957: "to-33"[3] 189.X.X.145
> esp.9dfd919f at 189.X.X.145esp.67479afd@201.Y.Y.Ytun.0 at 189.X.X.145tun.0@201.Y.Y.Y
> As far as I know, I should have a single SA per tunnel, shoudn´t I?
Yes.
> Linux Openswan U2.4.12/K2.6.26-2-686 (netkey)
Please upgrade to at LEAST 2.4.15, preferably 2.6.32
Paul
More information about the Users
mailing list