Red Hat Bugzilla – Bug 1283468
keyingtries=0 is broken - meaning it is interpreted as keyingtries=1
Last modified: 2016-11-08 06:21:42 EST
Bug was introduced upstream in 3.15 only. Patch is in upstream git 3c8dc46d53e3e5004b88f30b5ec3d06d5337951c
Adding a Regression keyword.
It might be good to fix this either in 7.2.z or 7.3.0. It is not really FIPS-related but it might be quite important.
Note the effects are: if during negotiation failure there is a temporary problem, it will not try to connect more than one time. If the connection is up, and the remote end sends a delete (e.g. restarts), the local end will not attempt to reconnect (but the remote end might).
The default value is 0 (keep retrying forever).
(In reply to Paul Wouters from comment #7)
> The default value is 0 (keep retrying forever).

Ah, that is correct (I was mistakenly looking into ipsec_pluto(8) where the default value is 3).
Fixed ipsec_pluto man page upstream :)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2603.html