
<div dir="ltr">Hi, <div><br></div><div style>Anyone idea on this issue for "Multiple IKE SA" request for same connection? Is there any bug in strongswan version 4.5.3 for this scenario?</div><div style><br></div>

<div style>Thanks. </div><div style>Jegathesh.M </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Apr 6, 2013 at 4:33 PM, jegathesh malaiyappan <span dir="ltr"><<a href="mailto:mjegakathir@gmail.com" target="_blank">mjegakathir@gmail.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><p></p><p><span style="font-size:12pt;font-family:Arial,sans-serif">Hi, </span><span style="font-size:12pt;font-family:'Times New Roman',serif"></span></p>


<p><b><span style="font-size:12pt;font-family:Arial,sans-serif">Strongswan Version</span></b><span style="font-size:12pt;font-family:Arial,sans-serif">:  </span><span style="font-size:12pt;font-family:Arial,sans-serif;color:red">4.5.3</span></p>


<p><span style="font-family:Arial,sans-serif;font-size:12pt">I have a two policy

with same Local End point and remote end point , as a connection name of </span><b style="font-family:Arial,sans-serif;font-size:12pt"><span style="background-color:yellow">"conn2 & conn3"</span></b><span style="font-family:Arial,sans-serif;font-size:12pt;background-color:yellow">.</span><span style="font-family:Arial,sans-serif;font-size:12pt"> </span><br>


</p>


<p><span style="font-family:Arial,sans-serif;font-size:12pt">One IKE SA and Two

Child SA Established successfully. Otherend, i am downing the

strongswan and IKE SA and Two Child SA's are deleted. </span></p>


<p><span style="font-family:Arial,sans-serif;font-size:12pt">Now, I am

re-triggering the two connection using the following, </span><br></p>


<p><b><span style="font-size:12pt;font-family:Arial,sans-serif">         ipsec up

conn2 & </span></b><br></p>


<p><b><span style="font-size:12pt;font-family:Arial,sans-serif">         ipsec up

conn3 & </span></b><span style="font-family:Arial,sans-serif;font-size:12pt"> </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">But, two IKE

SA established with name of </span><span style="font-family:Arial,sans-serif;font-size:16px"> </span><span style="font-family:Arial,sans-serif;font-size:16px;background-color:red">conn2. </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif"> </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif"><snip></span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">conn2[2]: ESTABLISHED

7 seconds ago, 11.1.1.1[192.168.255.129]...11.1.1.10</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">     

 <span style="background-color:red">conn2[2]:</span> IKE SPIs:

285b6ac581fd9df5_i* d16466cdf884bcc2_r, rekeying in 23 hours</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">       <span style="background-color:red">conn2[2]:</span> IKE proposal:

AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">     

 </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">     

 <span style="background-color:red">conn2[3]:</span>

ESTABLISHED 7 seconds ago, 11.1.1.1[192.168.255.129]...11.1.1.10</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">     

 <span style="background-color:red">conn2[3]:</span> IKE SPIs:

902b959bb0edd0d7_i* 55c7d31308336b14_r, rekeying in 23 hours</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">       <span style="background-color:red">conn2[3]:</span> IKE proposal:

AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif"> </span><span style="font-family:Arial,sans-serif;font-size:12pt"></snip></span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif"> </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">Strongswan Logs:</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">==============</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif"> </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">2004-01-01T00:06:40.739454+00:00

10 [info]      charon:  16[CFG] received stroke: initiate

'conn2'</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">2004-01-01T00:06:40.739507+00:00

10 [info]      charon:  16[CFG] received stroke: initiate

'conn2'</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">2004-01-01T00:06:40.740338+00:00

10 [info]      charon:  14[IKE] initiating IKE_SA conn2[2]

to 11.1.1.10</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">2004-01-01T00:06:40.740378+00:00

10 [info]      charon:  14[IKE] initiating IKE_SA conn2[2]

to 11.1.1.10</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif"> </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">2004-01-01T00:06:40.752523+00:00

10 [info]      charon:  08[CFG] received stroke: initiate

'conn3'</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">2004-01-01T00:06:40.752571+00:00

10 [info]      charon:  08[CFG] received stroke: initiate

'conn3'</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">2004-01-01T00:06:40.753148+00:00

10 [info]      charon:  15[IKE] initiating IKE_SA conn2[3]

to 11.1.1.10</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">2004-01-01T00:06:40.753187+00:00

10 [info]      charon:  15[IKE] initiating IKE_SA conn2[3]

to 11.1.1.10</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif"> </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">Is this

expected behaviour in strongswan? </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif"> </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">Please someone help me

on this. </span></p><span class="HOEnZb"><font color="#888888">


<p><span style="font-size:12pt;font-family:Arial,sans-serif"> </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">-- </span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">By</span></p>


<p><span style="font-size:12pt;font-family:Arial,sans-serif">M.Jegathesh,</span></p>


<p><span style="color:rgb(23,54,93)"> </span></p><p></p></font></span></div>

</blockquote></div><br><br clear="all"><div><br></div>-- <br><div>By</div>M.Jegathesh,<br>Bangalore

</div>