Bug 1574456 - libreswan: shared IKE SA leads to rekey interop issues [rhel-7.5.z]
Summary: libreswan: shared IKE SA leads to rekey interop issues [rhel-7.5.z]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libreswan
Version: 7.6
Hardware: All
OS: Linux
high
medium
Target Milestone: rc
: ---
Assignee: Paul Wouters
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On: 1572425
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-03 11:13 UTC by Oneata Mircea Teodor
Modified: 2018-06-26 16:48 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, when multiple IPsec Security Associations (SAs) shared the same Internet Key Exchange (IKE) SA and rekey events took place, not all state was properly transferred to a new connection. That could lead to multiple IKE SAs, and certain devices returned the `INVALID_IKE_SPI` error message. The devices also deleted all their IKE SAs. With this update, all state is properly transferred to a new connection, and Libreswan no longer creates duplicate IKE SAs.
Clone Of: 1572425
Environment:
Last Closed: 2018-06-26 16:48:52 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1982 0 None None None 2018-06-26 16:48:58 UTC

Description Oneata Mircea Teodor 2018-05-03 11:13:35 UTC
This bug has been copied from bug #1572425 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 5 errata-xmlrpc 2018-06-26 16:48:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1982


Note You need to log in before you can comment on or make changes to this bug.