
IPsec rekeying collisions bug
Closed, Resolved · Public · BUG

Description

To reproduce
Configure any IPv4 or IPv6 site-to-site IPsec peer; an IPv6 example follows.

IPv6 configuration for IPv6 peers:
Left site:

set interfaces dummy dum0 address '2001:db8:1111::1/64'
set interfaces ethernet eth1 address '192.0.2.1/24'
set interfaces ethernet eth1 address '2001:db8::1/64'
set vpn ipsec esp-group grp-ESP compression 'disable'
set vpn ipsec esp-group grp-ESP lifetime '28800'
set vpn ipsec esp-group grp-ESP mode 'tunnel'
set vpn ipsec esp-group grp-ESP pfs 'dh-group14'
set vpn ipsec esp-group grp-ESP proposal 10 encryption 'aes256gcm128'
set vpn ipsec esp-group grp-ESP proposal 10 hash 'sha256'
set vpn ipsec ike-group grp-IKE dead-peer-detection action 'hold'
set vpn ipsec ike-group grp-IKE dead-peer-detection interval '30'
set vpn ipsec ike-group grp-IKE dead-peer-detection timeout '120'
set vpn ipsec ike-group grp-IKE ikev2-reauth 'no'
set vpn ipsec ike-group grp-IKE key-exchange 'ikev2'
set vpn ipsec ike-group grp-IKE lifetime '86400'
set vpn ipsec ike-group grp-IKE mobike 'disable'
set vpn ipsec ike-group grp-IKE proposal 10 dh-group '14'
set vpn ipsec ike-group grp-IKE proposal 10 encryption 'aes256gcm128'
set vpn ipsec ike-group grp-IKE proposal 10 hash 'sha256'
set vpn ipsec interface 'eth1'
set vpn ipsec site-to-site peer 2001:db8::2 authentication id '2001:db8::1'
set vpn ipsec site-to-site peer 2001:db8::2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 2001:db8::2 authentication pre-shared-secret 'SSSeeccRetT'
set vpn ipsec site-to-site peer 2001:db8::2 authentication remote-id '2001:db8::2'
set vpn ipsec site-to-site peer 2001:db8::2 connection-type 'initiate'
set vpn ipsec site-to-site peer 2001:db8::2 ike-group 'grp-IKE'
set vpn ipsec site-to-site peer 2001:db8::2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 2001:db8::2 local-address '2001:db8::1'
set vpn ipsec site-to-site peer 2001:db8::2 tunnel 0 esp-group 'grp-ESP'
set vpn ipsec site-to-site peer 2001:db8::2 tunnel 0 local prefix '2001:db8:1111::/64'
set vpn ipsec site-to-site peer 2001:db8::2 tunnel 0 remote prefix '2001:db8:2222::/64'

Right site:

set interfaces bridge br1 member interface dum1
set interfaces dummy dum0 address '2001:db8:2222::1/64'
set interfaces ethernet eth1 address '192.0.2.2/24'
set interfaces ethernet eth1 address '2001:db8::2/64'
set system flow-accounting interface 'eth1'
set vpn ipsec esp-group grp-ESP compression 'disable'
set vpn ipsec esp-group grp-ESP lifetime '28800'
set vpn ipsec esp-group grp-ESP mode 'tunnel'
set vpn ipsec esp-group grp-ESP pfs 'dh-group14'
set vpn ipsec esp-group grp-ESP proposal 10 encryption 'aes256gcm128'
set vpn ipsec esp-group grp-ESP proposal 10 hash 'sha256'
set vpn ipsec ike-group grp-IKE dead-peer-detection action 'hold'
set vpn ipsec ike-group grp-IKE dead-peer-detection interval '30'
set vpn ipsec ike-group grp-IKE dead-peer-detection timeout '120'
set vpn ipsec ike-group grp-IKE ikev2-reauth 'no'
set vpn ipsec ike-group grp-IKE key-exchange 'ikev2'
set vpn ipsec ike-group grp-IKE lifetime '86400'
set vpn ipsec ike-group grp-IKE mobike 'disable'
set vpn ipsec ike-group grp-IKE proposal 10 dh-group '14'
set vpn ipsec ike-group grp-IKE proposal 10 encryption 'aes256gcm128'
set vpn ipsec ike-group grp-IKE proposal 10 hash 'sha256'
set vpn ipsec interface 'eth1'
set vpn ipsec site-to-site peer 2001:db8::1 authentication id '2001:db8::2'
set vpn ipsec site-to-site peer 2001:db8::1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 2001:db8::1 authentication pre-shared-secret 'SSSeeccRetT'
set vpn ipsec site-to-site peer 2001:db8::1 authentication remote-id '2001:db8::1'
set vpn ipsec site-to-site peer 2001:db8::1 connection-type 'none'
set vpn ipsec site-to-site peer 2001:db8::1 ike-group 'grp-IKE'
set vpn ipsec site-to-site peer 2001:db8::1 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 2001:db8::1 local-address '2001:db8::2'
set vpn ipsec site-to-site peer 2001:db8::1 tunnel 0 esp-group 'grp-ESP'
set vpn ipsec site-to-site peer 2001:db8::1 tunnel 0 local prefix '2001:db8:2222::/64'
set vpn ipsec site-to-site peer 2001:db8::1 tunnel 0 remote prefix '2001:db8:1111::/64'

Show SA

vyos@r14:~$ show vpn ipsec sa
Connection                 State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID    Proposal
-------------------------  -------  --------  --------------  ----------------  ----------------  -----------  ------------------------
peer_2001-db8--2_tunnel_0  down     2s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     2s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     2s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     2s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     2s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     2s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     3s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     3s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     3s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     3s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     3s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     3s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     4s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     4s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     4s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     5s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     5s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     5s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     5s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  down     6s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  up       1s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  up       1s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
peer_2001-db8--2_tunnel_0  up       1s        0B/0B           0B/0B             2001:db8::2       2001:db8::2  AES_GCM_16_256/MODP_2048
vyos@r14:~$

The phase 2 (CHILD_SA) is rekeying and being deleted every second:

Jul 21 13:19:41 r14 charon[7908]: 05[IKE] <peer_2001-db8--2|1> sending DELETE for ESP CHILD_SA with SPI cff66eee
Jul 21 13:19:41 r14 charon[7908]: 05[ENC] <peer_2001-db8--2|1> generating INFORMATIONAL request 693 [ D ]
Jul 21 13:19:41 r14 charon[7908]: 05[NET] <peer_2001-db8--2|1> sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (69 bytes)
Jul 21 13:19:41 r14 charon[7908]: 08[NET] <peer_2001-db8--2|1> received packet: from 2001:db8::2[500] to 2001:db8::1[500] (69 bytes)
Jul 21 13:19:41 r14 charon[7908]: 08[ENC] <peer_2001-db8--2|1> parsed INFORMATIONAL request 717 [ D ]
Jul 21 13:19:41 r14 charon[7908]: 08[IKE] <peer_2001-db8--2|1> received DELETE for ESP CHILD_SA with SPI c3e0cd0d
Jul 21 13:19:41 r14 charon[7908]: 08[IKE] <peer_2001-db8--2|1> closing CHILD_SA peer_2001-db8--2_tunnel_0{702} with SPIs c91d96a0_i (0 bytes) c3e0cd0d_o (0 bytes) and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
Jul 21 13:19:41 r14 charon[7908]: 08[IKE] <peer_2001-db8--2|1> sending DELETE for ESP CHILD_SA with SPI c91d96a0
Jul 21 13:19:41 r14 charon[7908]: 08[IKE] <peer_2001-db8--2|1> CHILD_SA closed
Jul 21 13:19:41 r14 charon[7908]: 08[IKE] <peer_2001-db8--2|1> outbound CHILD_SA peer_2001-db8--2_tunnel_0{708} established with SPIs cedff8b5_i c9f2a668_o and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
Jul 21 13:19:41 r14 charon[7908]: 08[IKE] <peer_2001-db8--2|1> detected CHILD_REKEY collision with CHILD_DELETE
Jul 21 13:19:41 r14 charon[7908]: 08[ENC] <peer_2001-db8--2|1> generating INFORMATIONAL response 717 [ D ]
Jul 21 13:19:41 r14 charon[7908]: 08[NET] <peer_2001-db8--2|1> sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (69 bytes)
Jul 21 13:19:41 r14 charon[7908]: 08[NET] <peer_2001-db8--2|1> received packet: from 2001:db8::2[500] to 2001:db8::1[500] (69 bytes)
Jul 21 13:19:41 r14 charon[7908]: 08[ENC] <peer_2001-db8--2|1> parsed INFORMATIONAL response 693 [ D ]
Jul 21 13:19:41 r14 charon[7908]: 08[IKE] <peer_2001-db8--2|1> received DELETE for ESP CHILD_SA with SPI c356fe91
Jul 21 13:19:41 r14 charon[7908]: 08[IKE] <peer_2001-db8--2|1> CHILD_SA closed
Jul 21 13:19:41 r14 charon[7908]: 08[IKE] <peer_2001-db8--2|1> establishing CHILD_SA peer_2001-db8--2_tunnel_0{709} reqid 1
Jul 21 13:19:41 r14 charon[7908]: 08[ENC] <peer_2001-db8--2|1> generating CREATE_CHILD_SA request 694 [ N(REKEY_SA) SA No KE TSi TSr ]
Jul 21 13:19:41 r14 charon[7908]: 08[NET] <peer_2001-db8--2|1> sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (509 bytes)
Jul 21 13:19:41 r14 charon[7908]: 07[NET] <peer_2001-db8--2|1> received packet: from 2001:db8::2[500] to 2001:db8::1[500] (509 bytes)
Jul 21 13:19:41 r14 charon[7908]: 07[ENC] <peer_2001-db8--2|1> parsed CREATE_CHILD_SA request 718 [ N(REKEY_SA) SA No KE TSi TSr ]
Jul 21 13:19:41 r14 charon[7908]: 07[CFG] <peer_2001-db8--2|1> selected proposal: ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ
Jul 21 13:19:41 r14 charon[7908]: 07[IKE] <peer_2001-db8--2|1> inbound CHILD_SA peer_2001-db8--2_tunnel_0{710} established with SPIs c5f6d139_i c6f292e9_o and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
Jul 21 13:19:41 r14 charon[7908]: 07[IKE] <peer_2001-db8--2|1> detected CHILD_REKEY collision with CHILD_REKEY
Jul 21 13:19:41 r14 charon[7908]: 07[ENC] <peer_2001-db8--2|1> generating CREATE_CHILD_SA response 718 [ SA No KE TSi TSr ]
Jul 21 13:19:41 r14 charon[7908]: 07[NET] <peer_2001-db8--2|1> sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (497 bytes)
Jul 21 13:19:41 r14 charon[7908]: 16[NET] <peer_2001-db8--2|1> received packet: from 2001:db8::2[500] to 2001:db8::1[500] (497 bytes)
Jul 21 13:19:41 r14 charon[7908]: 16[ENC] <peer_2001-db8--2|1> parsed CREATE_CHILD_SA response 694 [ SA No KE TSi TSr ]
Jul 21 13:19:41 r14 charon[7908]: 16[CFG] <peer_2001-db8--2|1> selected proposal: ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ
Jul 21 13:19:41 r14 charon[7908]: 16[IKE] <peer_2001-db8--2|1> inbound CHILD_SA peer_2001-db8--2_tunnel_0{709} established with SPIs c6a3d7ba_i cd7b9fd1_o and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
Jul 21 13:19:41 r14 charon[7908]: 16[IKE] <peer_2001-db8--2|1> CHILD_SA rekey collision won, deleting old child peer_2001-db8--2_tunnel_0{703}
Jul 21 13:19:41 r14 charon[7908]: 16[IKE] <peer_2001-db8--2|1> outbound CHILD_SA peer_2001-db8--2_tunnel_0{709} established with SPIs c6a3d7ba_i cd7b9fd1_o and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
Jul 21 13:19:41 r14 charon[7908]: 16[IKE] <peer_2001-db8--2|1> closing CHILD_SA peer_2001-db8--2_tunnel_0{703} with SPIs ca1e824c_i (0 bytes) cf8c8ff0_o (0 bytes) and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
Jul 21 13:19:41 r14 charon[7908]: 16[IKE] <peer_2001-db8--2|1> sending DELETE for ESP CHILD_SA with SPI ca1e824c
Jul 21 13:19:41 r14 charon[7908]: 16[ENC] <peer_2001-db8--2|1> generating INFORMATIONAL request 695 [ D ]
Jul 21 13:19:41 r14 charon[7908]: 16[NET] <peer_2001-db8--2|1> sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (69 bytes)
Jul 21 13:19:41 r14 charon[7908]: 12[NET] <peer_2001-db8--2|1> received packet: from 2001:db8::2[500] to 2001:db8::1[500] (69 bytes)
Jul 21 13:19:41 r14 charon[7908]: 12[ENC] <peer_2001-db8--2|1> parsed INFORMATIONAL request 719 [ D ]
Jul 21 13:19:41 r14 charon[7908]: 12[IKE] <peer_2001-db8--2|1> received DELETE for ESP CHILD_SA with SPI c6f292e9
Jul 21 13:19:41 r14 charon[7908]: 12[IKE] <peer_2001-db8--2|1> closing CHILD_SA peer_2001-db8--2_tunnel_0{710} with SPIs c5f6d139_i (0 bytes) c6f292e9_o (0 bytes) and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
Jul 21 13:19:41 r14 charon[7908]: 12[IKE] <peer_2001-db8--2|1> sending DELETE for ESP CHILD_SA with SPI c5f6d139
Jul 21 13:19:41 r14 charon[7908]: 12[IKE] <peer_2001-db8--2|1> CHILD_SA closed
Jul 21 13:19:41 r14 charon[7908]: 12[ENC] <peer_2001-db8--2|1> generating INFORMATIONAL response 719 [ D ]
Jul 21 13:19:41 r14 charon[7908]: 12[NET] <peer_2001-db8--2|1> sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (69 bytes)
Jul 21 13:19:41 r14 charon[7908]: 13[NET] <peer_2001-db8--2|1> received packet: from 2001:db8::2[500] to 2001:db8::1[500] (69 bytes)
Jul 21 13:19:41 r14 charon[7908]: 13[ENC] <peer_2001-db8--2|1> parsed INFORMATIONAL response 695 [ D ]
Jul 21 13:19:41 r14 charon[7908]: 13[IKE] <peer_2001-db8--2|1> received DELETE for ESP CHILD_SA with SPI cf8c8ff0
Jul 21 13:19:41 r14 charon[7908]: 13[IKE] <peer_2001-db8--2|1> CHILD_SA closed

Rekey collision message seen in the log:

detected CHILD_REKEY collision with CHILD_DELETE

Swanctl.conf:

vyos@r14:~$ sudo cat /etc/swanctl/swanctl.conf 
### Autogenerated by vpn_ipsec.py ###

connections {
    peer_2001-db8--2 {
        proposals = aes256gcm128-sha256-modp2048
        version = 2
        local_addrs = 2001:db8::1 # dhcp:no
        remote_addrs = 2001:db8::2
        dpd_timeout = 120
        dpd_delay = 30
        rekey_time = 86400s
        mobike = no
        keyingtries = 0
        local {
            id = "2001:db8::1"
            auth = psk
        }
        remote {
            id = "2001:db8::2"
            auth = psk
        }
        children {
            peer_2001-db8--2_tunnel_0 {
                esp_proposals = aes256gcm128-sha256-modp2048
                life_time = 28800s
                local_ts = 2001:db8:1111::/64
                remote_ts = 2001:db8:2222::/64
                ipcomp = no
                mode = tunnel
                start_action = start
                dpd_action = trap
                close_action = 
            }
        }
    }

}

pools {
}

secrets {
    ike_2001-db8--2 {
        id-local = 2001:db8::1 # dhcp:no
        id-remote = 2001:db8::2
        id-localid = 2001:db8::1
        id-remoteid = 2001:db8::2
        secret = "SSSeeccRetT"
    }
}

Details

Difficulty level
Normal (likely a few hours)
Version
VyOS 1.4-rolling-202207200217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

Viacheslav renamed this task from IPsec rekeying collisions with IPv6 peers to IPsec rekeying collisions bug.Jul 28 2022, 1:55 PM
Viacheslav triaged this task as High priority.
Viacheslav updated the task description. (Show Details)

VyOS 1.3-stable-202207280515 is not affected and works as expected

vyos@r14:~$ show vpn ipsec sa
Connection                 State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID    Proposal
-------------------------  -------  --------  --------------  ----------------  ----------------  -----------  --------------
peer-192.0.2.2-tunnel-0    up       9s        0B/0B           0/0               192.0.2.2         N/A          AES_GCM_16_256
peer-2001:db8::2-tunnel-0  up       9s        0B/0B           0/0               2001:db8::2       N/A          AES_GCM_16_256
vyos@r14:~$

SAs

vyos@r14:~$ sudo swanctl -l
peer-2001:db8::2-tunnel-0: #4, ESTABLISHED, IKEv2, bae267e189f183be_i 008bf75c872ced6a_r*
  local  '2001:db8::1' @ 2001:db8::1[500]
  remote '2001:db8::2' @ 2001:db8::2[500]
  AES_GCM_16-256/PRF_HMAC_SHA2_256/MODP_2048
  established 25s ago, rekeying in 85328s
  peer-2001:db8::2-tunnel-0: #3, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 25s ago, rekeying in 28178s, expires in 28775s
    in  c762627a,      0 bytes,     0 packets
    out c2278f63,      0 bytes,     0 packets
    local  2001:db8:1111::/64
    remote 2001:db8:2222::/64
peer-192.0.2.2-tunnel-0: #3, ESTABLISHED, IKEv2, c923210fb14e11d5_i 2450ab183218d566_r*
  local  '192.0.2.1' @ 192.0.2.1[500]
  remote '192.0.2.2' @ 192.0.2.2[500]
  AES_GCM_16-256/PRF_HMAC_SHA2_256/MODP_2048
  established 25s ago, rekeying in 85526s
  peer-192.0.2.2-tunnel-0: #4, reqid 2, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 25s ago, rekeying in 27722s, expires in 28775s
    in  c1892b7b,      0 bytes,     0 packets
    out c8fbbb2f,      0 bytes,     0 packets
    local  100.64.0.0/24
    remote 100.64.55.0/24
vyos@r14:~$

I have checked this config on VyOS 1.4-rolling-202212310809 (strongSwan 5.9.8). The problem is the same.

I found that the problem occurs when the IPsec (ESP) lifetime is large (28800 s).
With a lifetime of 1800 s, everything works.

a.apostoliuk changed the task status from Open to In progress.Jan 17 2023, 10:08 AM
a.apostoliuk claimed this task.
a.apostoliuk reopened this task as Needs testing.
a.apostoliuk closed this task as Resolved.
a.apostoliuk moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.