-
Notifications
You must be signed in to change notification settings - Fork 746
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipsec setup two SAs with one config #1801
Comments
This can obviously happen if two peers establish the same SA concurrently. It shouldn't be a problem. Not that it has anything to do with this, but please not that you are mixing new and old management commands ( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
System (please complete the following information):
Describe the bug
I have one config file on each device. Such as SUN and MOON. And they are running in gw-gw mode.
With the repdoduce steps. you can see two SAs on SUN and MOON with "swanctl --list-sas"
It can be reproduced consistently .
To Reproduce
Steps to reproduce the behavior:
Execute the below commands on both MOON and SUN.
ipsec down gw-gw
ipsec stop
Then execute the below commands on both MOON and SUN.
ipsec start
sleep 1
swanctl --load-all
ipsec up gw-gw
swanctl --list-sas
Expected behavior
Will observe two sas with swanctl --list-sas
It's not correct, one conf will and only setup one SA.
Logs/Backtraces
swanctl --list-sas
gw-gw: #2, ESTABLISHED, IKEv2, e9b350b334d4471c_i da041b06af808f25_r*
local '192.168.91.101' @ 192.168.91.101[500]
remote '192.168.91.100' @ 192.168.91.100[500]
AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256_BP
established 1342s ago, reauth in 1549s
net-net: #1, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-128
installed 1342s ago, rekeying in 1931s, expires in 2618s
in c2afa150, 0 bytes, 0 packets
out cfaa84e8, 0 bytes, 0 packets
local 192.168.41.0/24
remote 192.168.51.0/24
gw-gw: #1, ESTABLISHED, IKEv2, fded340ca66d743b_i* 748d52d67f2a643a_r
local '192.168.91.101' @ 192.168.91.101[500]
remote '192.168.91.100' @ 192.168.91.100[500]
AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256_BP
established 1339s ago, reauth in 1473s
net-net: #2, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-128
installed 1339s ago, rekeying in 1999s, expires in 2621s
in c0552846, 0 bytes, 0 packets
out cf229fb8, 0 bytes, 0 packets
local 192.168.41.0/24
remote 192.168.51.0/24
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: