- User Since: Oct 31 2021, 3:16 PM (40 w, 2 d)
Thu, Aug 4
From the strongSwan 5.9.6 changelog:
Actively initiating duplicate CHILD_SAs within the same IKE_SA is now largely prevented. This can happen if trap policies are installed and an IKE_SA with its CHILD_SAs is reestablished (e.g. with break-before-make reauthentication or dpd_action=restart). This does not prevent duplicates if they are initiated by the two peers concurrently.
Jun 27 2022
I think this is a BUG, not a feature.
If I enable mpls on an interface, then the proper sysctl flags must be applied and be persistent.
Apr 14 2022
Relevant configuration on one PE router:
Nov 8 2021
When I manually add the "vrf red" with vtysh, then the frr config is like the one you reported.
Nov 2 2021
Additional note: this, of course, breaks the 'red' vrf connectivity.
If I manually add, using vtysh, the
vrf red vni 3000
everything on the 'red' vrf works fine.