Page MenuHomeVyOS Platform
Create Task
Maniphest T7257

Multiple IPSEC SA not initiating/IPSec SA not renewing
Closed, ResolvedPublicBUG
Actions

Description

When multiple IPsec Site to Site tunnels are configured only 1 SA will come up. That 1 SA tunnel will not renew without restarting the strongswan service manually.

Details

Version
2025.03.12-1116-rolling
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)
Forum thread
https://forum.vyos.io/t/multiple-ipsec-tunnels-not-coming-up/16249

Event Timeline

CPEng created this task.Tue, Mar 18, 5:31 PM
pasik subscribed.Tue, Mar 18, 5:42 PM
Viacheslav subscribed.Tue, Mar 18, 5:51 PM

Add a set of commands to reproduce (from both sites)

Viacheslav changed the task status from Open to Needs reporter action.Tue, Mar 18, 5:51 PM
CPEng closed this task as Resolved.Thu, Mar 20, 2:50 AM
CPEng claimed this task.

I'm sorry, all it took was to disable PFS. PFS prevented future SA's from happening due to a policy mismatch.