[strongSwan] Problem: "unable to install policy -the same policy for reqid XXXX exists "
Felipe Arturo Polanco
felipeapolanco at gmail.com
Sat Dec 1 16:47:42 CET 2018
Hi Sven,
You can try to manually specify the reqid in your ipsec.conf file, as per
your log messages a second CHILD_SA is trying to install the same traffic
selectors as a previous CHILD_SA.
Also I believe there is a 'unique=yes' option that should reuse the same
previously assigned reqid and prevent the creation of multiple CHILD_SA
that may conflict with each other.
On Fri, Nov 30, 2018 at 5:14 PM Sven Anders <anders at anduras.de> wrote:
> Am 28.11.18 um 11:31 schrieb Tobias Brunner:
> > Hi Sven,
> >
> >> So the problem is known?
> >
> > Not really, but maybe something changed that avoids the issue, and I
> > don't particularly fancy debugging old versions.
> >
> >> Which version should I use at least. Will 5.6.3 be enough or
> >> should I use 5.7.1 instead?
> >
> > If you consider updating, use the latest.
>
> I will do it, but it will take some time until we can deploy it
> to the customer...
>
> >> There are many request and the log file is very long.
> >
> > So?
> >
> >> What kind of message do you expect or what should I search for?
> >
> > For instance, messages around refcount changes of the policies. You can
> > also post it somewhere for us to have a look at.
>
> Thank you,
>
> I will send you a link to download it. If anybody want the log output too,
> to analyse
> it, I will send you the link.
>
>
> Regards
> Sven Anders
>
> --
> Sven Anders <anders at anduras.de> () UTF-8 Ribbon Campaign
> /\ Support plain text
> e-mail
> ANDURAS intranet security AG
> Messestrasse 3 - 94036 Passau - Germany
> Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90
> 50-55
>
> Those who would give up essential Liberty, to purchase a little
> temporary Safety, deserve neither Liberty nor Safety.
> - Benjamin Franklin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181201/dfdba147/attachment.html>
More information about the Users
mailing list