[strongSwan] Replay state copy problem after UPD_SA_ADDR, ikev2/mobike
Martin Willi
martin at strongswan.org
Thu Feb 9 14:03:36 CET 2012
Hello Kimmo,
> I'm using strongswan 4.6.1 as vpn server, Centos 5.7 with kernel
> 2.6.18-274.7.1.el5.
> 06[KNL] unable to copy replay state from old SAD entry with SPI
> c62cb34c
To update IP addresses in the Linux kernel SA state, we have to
reinstall the whole SA. This resets the ESP sequence numbers. To make
things work, we update the SA sequence number after this process.
The major changes to query and update sequence numbers have been
introduced with Linux 2.6.17. I don't know why it doesn't work with
2.6.18, possible that there are some bugs.
To get MOBIKE working, I'd recommend to switch to a newer kernel.
Regards
Martin
More information about the Users
mailing list