While using IKE policy with version v2,
the IPsec siteconnection status always down.
From librewan wiki[1], the "phase2" in IKEv2 mistakenly
calls itself a PARENT SA which same as "phase1",
This is a known bug for some versions of libreswan.
For the newer versions of libreswan(3.20+),
the "IPsec SA established" will successful output if
phase2 state established.
Here we match the "established" and "newest IPSEC" for
an established IPSEC SA.
Reviewed: https:/ /review. openstack. org/605101 /git.openstack. org/cgit/ openstack/ neutron- vpnaas/ commit/ ?id=3f36a0a552c 30f103966ddfbd1 373fd04aa8a9f4
Committed: https:/
Submitter: Zuul
Branch: stable/queens
commit 3f36a0a552c30f1 03966ddfbd1373f d04aa8a9f4
Author: Dongcan Ye <email address hidden>
Date: Thu Jul 12 09:00:13 2018 +0000
Match IPSEC SA established state
While using IKE policy with version v2,
the IPsec siteconnection status always down.
From librewan wiki[1], the "phase2" in IKEv2 mistakenly
calls itself a PARENT SA which same as "phase1",
This is a known bug for some versions of libreswan.
For the newer versions of libreswan(3.20+),
the "IPsec SA established" will successful output if
phase2 state established.
Here we match the "established" and "newest IPSEC" for
an established IPSEC SA.
[1] https:/ /libreswan. org/wiki/ How_to_ read_status_ output
Change-Id: Iffff7d00f48e69 fbc53bb45df17d6 a5be6760a6d 67b0155284c0b7d 30af44e5b3)
Closes-Bug: #1781354
(cherry picked from commit 321392b9a7d2881