Connections over opportunistic IPsec drop few minutes after restart

Solution Verified - Updated -

Issue

Some connections over opportunistic IPsec tunnels stop passing traffic few minutes after the ipsec.service was restarted. The IPsec connections still appear established successfully.
This issue is being hit often after a cluster-wide restart of ipsec.service, e.g. after an upgrade of libreswan.

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • OpenShift Container Platform
  • libreswan

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In