0

While using Libreswan Version 4.3 on RHEL-8, I am getting the following logs while IPsec is blocking all traffics.

How can i resolve these errors of existing connection instance and conflicting existing bare shunt? any help is appreciated.

ignoring found existing connection instance\"private#100.120.0.0/16\"[36] ...100.120.0.120 that covers kernel acquire with IKE state #0 and IPsec state #0 - due to duplicate acquire?
\"private#111.111.0.0/16\"[36] ... 111.111.111.111 #66: STATE_PARENT_I1: retransmission: will wait 10 seconds for response
\"private#111.111.0.0/16\"[36] ... 111.111.111.111 #65: deleting state (STATE_PARENT_I1) aged 55.55s and NOT sending notification
\"private#111.111.0.0/16\"[36] ... 111.111.111.111 #66: STATE_PARENT_I1: 60 second timeout exceeded after 7 transmits. No response (or no acceptable response) to our first IKEv2 message
Conflicting new bare shunt 0x7564849abc123 111.111.111.111/32:0 --0-->111.111.111.111/32:0 => %hold 0    oe-negotiating
CONFLICTING existing bare shunt 0x7564849abc123 111.111.111.111/32:0 --0-->111.111.111.111/32:0 =>%drop 0    oe-falling"
Improve this question
3
  • No response (or no acceptable response) to our first IKEv2 message ...... Did you set up Phase 1 and Phase 2? Clear the logs and see if Phase 1 is connecting.
    – anon
    Commented Oct 20, 2021 at 13:07
  • What should i look for in logs to verify that? can i search "phase 1" and "phase 2" to make sure?
    – robinhoodjr
    Commented Oct 20, 2021 at 13:38
  • I have not used the IPsec you have but my overall log shows Phase 1 and Phase 2 activity. Important items: (1) connection (2) Phase 1 completion (3) Phase 2 completion. Look for these items in your main log.
    – anon
    Commented Oct 20, 2021 at 13:41

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .