mamgame

Yes above happens with mainline 5.1..I want to post those logs first as after applying Commit dbc3f97, I saw more errors. Please see attached log [5.1withdbc3f97.log](https://github.com/user-attachments/files/19555955/5.1withdbc3f97.log)

I think I am seeing multiple of these dup bare shunts. I didnt see this with 5.0 though. Total IPsec connections: loaded 9, active 3 State Information: DDoS cookies not...

@cagney I am trying what you mentioned in issue #2108 soon and update .But I have another setup in which I tried to see if I run into what you...

Just want to add I have run into same IKE _AUTH issue in my setup (I use OE) but ran into the issue where both ends have mismatched SPI. #...

Thank you @The-Mule understood, I am using opportunistic and auto=route which explains the behaviour, but in my scenario of a multi-node cluster, I hit this very frequently. If you plan...

@The-Mule for opportunistic connections on demand will be temporary. I see this issue ver frequently on SA expiry. **NODE 1 SPI MISMATCH** [root@adm08vm02 ~]# ip -s x s | grep...

Thank you @The-Mule for the response. Yes, you're right its broken connecrion—it's due to the mismatched SPI between the two nodes (srcip -> dstip) pair, as I show above ....

> Pushed v2 patch. It seems to be passing my testing but definitely more testing is needed. I can help test the fix if its ready, Can I patch it...

@paulwouters Kindly wanted to check , this message comes from xfrm subsystem "private-or-clear#192.201.82.0/24"[8] ...192.201.82.2 #49: cannot install kernel policy 192.201.82.1/32===192.201.82.2/32; in use by negotiating Child SA "private-or-clear#192.201.82.0/24"[1] ...192.201.82.2> As it...

This is indeed the unique case of offload when these two interfaces are two physical ports on same NIC.I see this only happening between the two local ports 192.201.82.3(left in...