<div dir="ltr">Hi,<div><br></div><div>I'm using SS v4.6.3 configured to support iPhone devices.</div><div>After successfully connecting an iPhone, when I try to connect another iPhone or Racoon (with a different username and certificate from the same CA), the first connection is disconnected. As a result, I can only have one active connection at a time.</div>
<div><br></div><div>This is what I see in the log (164.40.134.185 initiates a new connection and 109.64.217.197 is being disconnected):</div><div><br></div><div><div>"ios"[3] 164.40.134.185 #4: we have a cert and are sending it upon request</div>
<div>Jul 1 16:56:08 02104-8-1222487 pluto[12915]: "ios"[3] 164.40.134.185 #4: deleting connection "ios" instance with peer 109.64.217.197 {isakmp=#2/ipsec=#3}</div><div>Jul 1 16:56:08 02104-8-1222487 pluto[12915]: "ios" #3: deleting state (STATE_QUICK_R2)</div>
<div>Jul 1 16:56:08 02104-8-1222487 pluto[12915]: "ios" #2: deleting state (STATE_MODE_CFG_R1)</div><div>Jul 1 16:56:08 02104-8-1222487 pluto[12915]: | unref key: 0x174acb0 0x174ab10 cnt 1 'C=CH, O=LacoonSecurity, CN=client'</div>
<div>Jul 1 16:56:08 02104-8-1222487 pluto[12915]: "ios"[3] 164.40.134.185 #4: unroute-client output: /usr/libexec/ipsec/_updown: doroute `ip route delete 10.0.0.3/32 via 109.64.217.197 dev eth0 src 10.0.0.15 table 220' failed (RTNETLINK answers: No such process)</div>
</div><div><br></div><div>Any idea what's causing this behavior?<br></div><div><br></div><div>Thanks!</div><div><br></div><div>ipsec.conf is below:</div><div><br></div><div><div>config setup</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>plutodebug=controlmore</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span># crlcheckinterval=600</div><div><span class="Apple-tab-span" style="white-space:pre"> </span># strictcrlpolicy=yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span># cachecrls=yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>nat_traversal=yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>charonstart=no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>plutostart=yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span># plutostderrlog=/var/log/plutolog.log</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>uniqueids=yes</div><div><br></div><div><br></div>
<div>conn ios</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>type=tunnel</div><div><span class="Apple-tab-span" style="white-space:pre"> </span># modeconfig=pull</div><div><span class="Apple-tab-span" style="white-space:pre"> </span># installpolicy=yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>keyexchange=ikev1</div><div> authby=xauthrsasig </div><div><span class="Apple-tab-span" style="white-space:pre"> </span>xauth=server</div><div>
left=164.40.134.181</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftsourceip=10.0.0.15</div><div> leftsubnet=0.0.0.0/0</div><div> leftfirewall=yes</div>
<div> leftcert=serverCert.pem</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftprotoport=%any</div><div> right=%any</div><div> rightsourceip=10.0.0.1/24</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>rightsubnet=0.0.0.0/0</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightprotoport=%any</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>rightnexthop=%defaultroute</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightid=%any</div><div> rightcert=clientCert.pem</div>
<div> pfs=no</div><div> auto=add</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> dpdaction=clear</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> dpddelay=10</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span> dpdtimeout=150</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rekey=no</div></div></div>