Connections over opportunistic IPsec drop few minutes after restart

Solution Verified - Updated -


Some connections over opportunistic IPsec tunnels stop passing traffic few minutes after the ipsec.service was restarted. The IPsec connections still appear established successfully.
This issue is being hit often after a cluster-wide restart of ipsec.service, e.g. after an upgrade of libreswan.


  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • OpenShift Container Platform
  • libreswan

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In