<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">Hi Martin, Christophe, </span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br><span style="background-color:rgb(204,204,255)">I also posted a similar kind of problem a long time back. But I didn't get any update on my query. </span><div><span style="background-color:rgb(204,204,255)"><br>
</span></div><div><span style="background-color:rgb(204,204,255)">It looks like both are discussing a similar problem. Please provide your comments. </span></div><div><br style="background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">Strongswan Version: Linux strongSwan U4.5.0/K2.6.32.58</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">I am facing an issue in allocating the reqid for the IPsec tunnel and policy. </span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">If both sides become initiators, then two SA (in & out) tunnels are created for a single SP. </span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">"<span class="il" style="background-color:rgb(255,255,204)">reqid</span>" is mismatching between SA and SP. </span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">Node A <------------> Node B</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">Tunnel established between Node A and Node B.</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">I am sending a ping from Node A to Node B and it's failing. </span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">Sender Side: (PING Request)</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">=========================</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">root@10:~ >ping -I 2.2.2.2 12.12.12.12</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">PING 12.12.12.12 (12.12.12.12) from 2.2.2.2 : 56(84) bytes of data.</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">01:21:03.207543 IP 10.10.10.10 > <a href="http://10.10.10.11/" target="_blank" style="color:rgb(17,85,204)">10.10.10.11</a>: ESP(</span><font color="red" style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">spi=0xc869e935</font><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">,seq=0x1f), length 96</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">01:21:04.208366 IP 10.10.10.10 > <a href="http://10.10.10.11/" target="_blank" style="color:rgb(17,85,204)">10.10.10.11</a>: ESP(spi=0xc869e935,seq=0x20), length 96</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">Security Association Table:</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">========================</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">root@10:~ >ip x s</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src 10.10.10.10 dst 10.10.10.11</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp spi </span><font color="red" style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">0xc869e935</font><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"> <span class="il" style="background-color:rgb(255,255,204)">reqid</span> 1 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">replay-window 0 flag 20</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">auth hmac(sha1) 0x000e5af11f3ff6385af7c1452e1e472b5e997f16</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">enc cbc(aes) 0x6eca8ddfa393bb18207de3e75e60bd1d</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src 10.10.10.11 dst 10.10.10.10</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp spi 0xc699d2d5 <span class="il" style="background-color:rgb(255,255,204)">reqid</span> 1 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">replay-window 0 flag 20</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">auth hmac(sha1) 0xc8b39b92ac18c211f5eb32cd6d7d9e10095b0413</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">enc cbc(aes) 0x4997e1f2a391bfdaf1e251fcd18eafd7</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src 10.10.10.10 dst 10.10.10.11</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp spi 0xc6c50120 <span class="il" style="background-color:rgb(255,255,204)">reqid</span> 2 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">replay-window 0 flag 20</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">auth hmac(sha1) 0xf132e706c40deeda21e9147f2dee624423468fa0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">enc cbc(aes) 0xafdf0fa8e923e35112ace1975044cc75</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src 10.10.10.11 dst 10.10.10.10</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp spi 0xc599369c <span class="il" style="background-color:rgb(255,255,204)">reqid</span> 2 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">replay-window 0 flag 20</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">auth hmac(sha1) 0xbf6a1a52216d4daebb5bb18f9b84e119a7248c9e</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">enc cbc(aes) 0xed45eb6c03ae379b0c51c6739fb74bf9</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">root@10:~ ></span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">Receiver Side:</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">=============</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">root@10:~ >01:23:28.005013 IP 10.10.10.10 > <a href="http://10.10.10.11/" target="_blank" style="color:rgb(17,85,204)">10.10.10.11</a>: ESP(</span><font color="red" style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">spi=0xc869e935</font><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">,seq=0x22), length 94</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">01:23:28.005090 IP 2.2.2.2 > <a href="http://12.12.12.12/" target="_blank" style="color:rgb(17,85,204)">12.12.12.12</a>: ICMP echo request, id 10901, seq 1, length 64</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">Security Association:</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">=================</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">root@10:~ >ip x s</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src 10.10.10.11 dst 10.10.10.10</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp spi 0xc599369c <span class="il" style="background-color:rgb(255,255,204)">reqid</span> 1 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">replay-window 0 flag 20</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">auth hmac(sha1) 0xbf6a1a52216d4daebb5bb18f9b84e119a7248c9e</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">enc cbc(aes) 0xed45eb6c03ae379b0c51c6739fb74bf9</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src 10.10.10.10 dst 10.10.10.11</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp spi 0xc6c50120 <span class="il" style="background-color:rgb(255,255,204)">reqid</span> 1 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">replay-window 0 flag 20</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">auth hmac(sha1) 0xf132e706c40deeda21e9147f2dee624423468fa0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">enc cbc(aes) 0xafdf0fa8e923e35112ace1975044cc75</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src 10.10.10.11 dst 10.10.10.10</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp spi 0xc699d2d5 <span class="il" style="background-color:rgb(255,255,204)">reqid</span> 2 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">replay-window 0 flag 20</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">auth hmac(sha1) 0xc8b39b92ac18c211f5eb32cd6d7d9e10095b0413</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">enc cbc(aes) 0x4997e1f2a391bfdaf1e251fcd18eafd7</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src 10.10.10.10 dst 10.10.10.11</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp </span><font color="red" style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">spi 0xc869e935 </font><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span class="il" style="background-color:rgb(255,255,204)">reqid</span> 2 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">replay-window 0 flag 20</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">auth hmac(sha1) 0x000e5af11f3ff6385af7c1452e1e472b5e997f16</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">enc cbc(aes) 0x6eca8ddfa393bb18207de3e75e60bd1d</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">Security Policy:</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">=============</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">root@10:~ >ip x p</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src <a href="http://2.2.2.2/32" target="_blank" style="color:rgb(17,85,204)">2.2.2.2/32</a> dst <a href="http://12.12.12.12/32" target="_blank" style="color:rgb(17,85,204)">12.12.12.12/32</a></span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">dir fwd priority 1</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">tmpl src 10.10.10.10 dst 10.10.10.11</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp <span class="il" style="background-color:rgb(255,255,204)">reqid</span> 1 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src <a href="http://2.2.2.2/32" target="_blank" style="color:rgb(17,85,204)">2.2.2.2/32</a> dst <a href="http://12.12.12.12/32" target="_blank" style="color:rgb(17,85,204)">12.12.12.12/32</a></span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">dir in priority 1</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">tmpl src 10.10.10.10 dst 10.10.10.11</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp </span><font color="red" style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><span class="il" style="background-color:rgb(255,255,204);color:rgb(34,34,34);background-repeat:initial initial">reqid</span> 1</font><span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"> mode tunnel </span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">src <a href="http://12.12.12.12/32" target="_blank" style="color:rgb(17,85,204)">12.12.12.12/32</a> dst <a href="http://2.2.2.2/32" target="_blank" style="color:rgb(17,85,204)">2.2.2.2/32</a></span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">dir out priority 1</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">tmpl src 10.10.10.11 dst 10.10.10.10</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">proto esp <span class="il" style="background-color:rgb(255,255,204)">reqid</span> 1 mode tunnel</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)"><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">root@10:~ >cat /proc/net/xfrm_stat</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInError 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInBufferError 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInHdrError 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInNoStates 10</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInStateProtoError 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInStateModeError 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInStateSeqError 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInStateExpired 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInStateMismatch 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInStateInvalid 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<font color="red" style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInTmplMismatch 121</font><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInNoPols 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<span style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">XfrmInPolBlock 0</span><br style="color:rgb(34,34,34);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.600000381469727px;background-color:rgb(207,217,255)">
<br>Thanks.<div>Jegathesh</div><div><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>Sent: Thursday, May 23, 2013 1:17 PM<br>
To: Christophe Gouault<br>
Cc: <a href="mailto:dev@lists.strongswan.org">dev@lists.strongswan.org</a><br>
Subject: Re: [strongSwan-dev] rationale of reqid update on responder side<br>
<br>
<br>
> Does this mean we decide to give up older SAs as soon as we establish a new<br>
> CHILD_SA as responder? This may not be what the remote peer wants (otherwise<br>
> it would have *rekeyed* the SA instead).<br>
<br>
No. It means that two different CHILD_SAs triggered from the same trap<br>
policy use the same reqid.<br>
<br>
Assuming a trap policy to <a href="http://10.0.0.0/16" target="_blank">10.0.0.0/16</a>, and traffic to 10.0.1.1 triggers<br>
an SA. The responder, however, narrows the traffic selector to<br>
<a href="http://10.0.1.0/24" target="_blank">10.0.1.0/24</a>. Now you have traffic to 10.0.2.1, which triggers another<br>
CHILD_SA, which might get narrowed by the responder to <a href="http://10.0.2.0/24" target="_blank">10.0.2.0/24</a>.<br>
<br>
So you'll have two CHILD_SA with the same reqid (that of the trap<br>
policy). This is problematic for the kernel, which uses the reqid to map<br>
policies to SAs.<br>
<br>
> According to what I observed, the trap CHILD_SA is left unchanged, but<br>
> the policy in the kernel is updated with the new CHILD_SA reqid (I agree<br>
> that it is necessary if we want the SA to be used).<br>
><br>
> However, the trap CHILD_SA becomes unusable because it mismatches the<br>
> policy reqid.<br>
<br>
Yes. Because we can't have two identical policies in XFRM, we use<br>
refcounting to install it only once. This doesn't work for different<br>
reqids, as only one reqid can be active for these refcounted policies.<br>
<br>
This is why we reuse the reqid of a trap policy when installing an SA<br>
triggered by it. And this is what we should do when we install an SA as<br>
responder for which we have a trap installed.<br>
<br>
Regards<br>
Martin<br>
<br>
<br>
</blockquote></div><br><br></div></div>
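The point made in the quoted reply, that the kernel uses the reqid to map policies to SAs, can be checked by comparing each policy template against the installed SAs. The script below is an added example, not code from this thread or from strongSwan; it assumes the textual layout of `ip xfrm policy` and `ip xfrm state` shown in the post, and its sample data is constructed so that the inbound SA carries a different reqid than the inbound policy template, the kind of disagreement the kernel counts under XfrmInTmplMismatch.

```python
# Constructed sample data shaped like `ip xfrm policy` / `ip xfrm state` output.
POLICY_TEXT = """\
src 12.12.12.12/32 dst 2.2.2.2/32
    dir out priority 1
    tmpl src 10.10.10.11 dst 10.10.10.10
        proto esp reqid 1 mode tunnel
src 2.2.2.2/32 dst 12.12.12.12/32
    dir in priority 1
    tmpl src 10.10.10.10 dst 10.10.10.11
        proto esp reqid 1 mode tunnel
"""
STATE_TEXT = """\
src 10.10.10.11 dst 10.10.10.10
    proto esp spi 0xc0000001 reqid 1 mode tunnel
src 10.10.10.10 dst 10.10.10.11
    proto esp spi 0xc0000002 reqid 2 mode tunnel
"""

def kv(line):
    """Turn 'key value key value ...' into a dict, skipping a leading 'tmpl'."""
    tok = line.split()
    tok = tok[1:] if tok[:1] == ["tmpl"] else tok
    return dict(zip(tok[::2], tok[1::2]))

def parse(text):
    """One dict per unindented 'src ...' block (a policy or an SA)."""
    recs = []
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("src "):
            recs.append({**kv(line), "tmpls": []})
        elif recs and line.startswith("tmpl "):
            recs[-1]["tmpls"].append(kv(line))
        elif recs and line.startswith("proto "):
            # Policy: fields of the last template. State: fields of the SA itself.
            tmpls = recs[-1]["tmpls"]
            (tmpls[-1] if tmpls else recs[-1]).update(kv(line))
        elif recs and line.startswith("dir "):
            recs[-1].update(kv(line))
    return recs

# Exact match only; the kernel also treats a template reqid of 0 as a wildcard.
MATCH = ("src", "dst", "proto", "reqid", "mode")

def unmatched_templates(policies, states):
    """Templates with no SA agreeing on endpoints, proto, reqid and mode."""
    have = {tuple(sa.get(k) for k in MATCH) for sa in states}
    return [(p.get("dir"), t["src"], t["dst"], t.get("reqid"))
            for p in policies for t in p["tmpls"]
            if tuple(t.get(k) for k in MATCH) not in have]

print(unmatched_templates(parse(POLICY_TEXT), parse(STATE_TEXT)))
```

On a live host, feed it the captured output of the two `ip xfrm` commands instead of the constructed strings; an empty list means every template has an SA with the same reqid.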