<div>Hi,</div>
<div> </div>
<div>I have two end-points, between which I have created two identical tunnels. However, the command "ipsec status" does not show the two tunnels in the way I expect. Please find the required info below:</div>
<div> </div>
<div><u>/etc/ipsec.conf on end-point 1:</u></div>
<div>root@vc1_TPC2:~# cat /etc/ipsec.conf<br># ipsec.conf - strongSwan IPsec configuration file</div>
<div># basic configuration</div>
<div>config setup<br>        #plutostderrlog=/var/log/syslog<br>        # plutodebug=control<br>        # crlcheckinterval=600<br>        strictcrlpolicy=no<br>        # cachecrls=yes<br>        # nat_traversal=yes<br>        charonstart=yes<br>
        charondebug=control<br>        plutostart=no</div>
<div># Add connections here.</div>
<div><br>ca strongswan<br>        cacert=caCert.der<br>        auto=add</div>
<div>conn %default<br>        type=tunnel<br>        left=169.254.0.70<br>        leftcert=VC1Cert.der<br>        right=169.254.1.70<br>        rightid="C=CH, O=strongSwan, CN=169.254.1.70"<br>        keyexchange=ikev2<br>
        auto=start</div>
<div>conn tunnel1<br>        leftsubnet=169.254.0.0/24<br>        rightsubnet=169.254.1.0/24<br>        mark=10</div>
<div>conn tunnel2<br>        leftsubnet=169.254.0.0/24<br>        rightsubnet=169.254.1.0/24<br>        mark=20</div>
<div><br> </div>
<div><u>/etc/ipsec.conf on end-point 2:</u></div>
<div>root@vc2_TPC2:~#  cat /etc/ipsec.conf<br># ipsec.conf - strongSwan IPsec configuration file</div>
<div># basic configuration</div>
<div>config setup<br>        # plutodebug=control<br>        # crlcheckinterval=600<br>         strictcrlpolicy=no<br>        # cachecrls=yes<br>        # nat_traversal=yes<br>        charonstart=yes<br>        plutostart=no<br>
        charondebug=control</div>
<div># Add connections here.</div>
<div><br>ca strongswan<br>        cacert=caCert.der<br>        auto=add</div>
<div>conn %default<br>        type=tunnel<br>        left=169.254.1.70<br>        leftcert=VC2Cert.der<br>        right=169.254.0.70<br>        rightid="C=CH, O=strongSwan, CN=169.254.0.70"<br>        keyexchange=ikev2<br>
        auto=start</div>
<div>conn tunnel1<br>        leftsubnet=169.254.1.0/24<br>        rightsubnet=169.254.0.0/24<br>        mark=10</div>
<div>conn tunnel2<br>        leftsubnet=169.254.1.0/24<br>        rightsubnet=169.254.0.0/24<br>        mark=20</div>
<div><br> </div>
<div><u>ipsec status on end-point 1:</u></div>
<div>root@vc1_TPC2:~# ipsec status<br>Security Associations:<br>     tunnel1[1]: ESTABLISHED 14 minutes ago, 169.254.0.70[C=CH, O=strongSwan, CN=169.254.0.70]...169.254.1.70[C=CH, O=strongSwan, CN=169.254.1.70]<br>
     tunnel1{3}:  INSTALLED, TUNNEL, ESP SPIs: ccd3d0ec_i c8d1ad66_o<br>     tunnel1{3}:   169.254.0.0/24 === 169.254.1.0/24<br>     tunnel2{4}:  INSTALLED, TUNNEL, ESP SPIs: cc6da619_i c28e4022_o<br>
     tunnel2{4}:   169.254.0.0/24 === 169.254.1.0/24<br></div>
<div> </div>
<div><u>ipsec status on end-point 2: </u></div>
<div>root@vc2_TPC2:~# ipsec status<br>Security Associations:<br>     tunnel1[2]: ESTABLISHED 14 minutes ago, 169.254.1.70[C=CH, O=strongSwan, CN=169.254.1.70]...169.254.0.70[C=CH, O=strongSwan, CN=169.254.0.70]<br>
     tunnel1{3}:  INSTALLED, TUNNEL, ESP SPIs: c8d1ad66_i ccd3d0ec_o<br>     tunnel1{3}:   169.254.1.0/24 === 169.254.0.0/24<br>     tunnel1{4}:  INSTALLED, TUNNEL, ESP SPIs: c28e4022_i cc6da619_o<br>
     tunnel1{4}:   169.254.1.0/24 === 169.254.0.0/24<br></div>
<div>The questions I have are:</div>
<div>1. End-point 1 shows tunnel1{3} and tunnel2{4}, while end-point 2 shows only tunnel1 with either {3} or {4}. Could you please tell me why it does not show tunnel2? Also, this varies from time to time. Sometimes the numbers in flower brackets are different, and sometimes they are the same. </div>

<div>2. What do the numbers in flower brackets denote? </div>
<div> </div>
<div>Also, please let me know if I have configured anything incorrectly, which may be causing this.</div>
<div> </div>
<div>Thanks and regards,</div>
<div>Meera </div>
<div> </div>