<div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div class="gmail_quote"><div dir="ltr">This is not good. Possibly, what we solved was just a result, not the root cause.</div><div dir="ltr"><div>Before, I overlooked the configuration issue; maybe you will want to enable uniqueids again once fixed.</div><div><br></div><div>Instead of:</div><div><span style="color:rgb(80,0,80);font-size:12.8000001907349px">rightsourceip=</span><a href="http://10.255.0.0/16" style="font-size:12.8000001907349px" target="_blank">10.255.0.0/16</a><br></div><div>there should be:</div><div><span style="color:rgb(80,0,80);font-size:12.8000001907349px">rightsubnet=</span><a href="http://10.255.0.0/16" style="font-size:12.8000001907349px" target="_blank">10.255.0.0/16</a><span style="color:rgb(80,0,80);font-size:12.8000001907349px"> </span><span style="color:rgb(80,0,80);font-size:12.8000001907349px"> </span><br></div><div><br></div><div>Logs will be even better if you include the directive in "charon-logging.conf":</div><div><span style="font-size:12.8000001907349px">ike_name = yes</span><br></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">M.</span></div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr">Miroslav Svoboda | <a href="tel:%2B420%20608%20224%20486" value="+420608224486" target="_blank">+420 608 224 486</a></div></div></div></div></div>
<br><div class="gmail_quote">On 24 April 2015 at 21:02, Andrew Foss <span dir="ltr">&lt;<a href="mailto:afoss@actmobile.com" target="_blank">afoss@actmobile.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Miroslav,<br>
<br>
thank you, that did it! Wow, did I log some hours trying different
combinations, but didn't get that one and you also helped by
suggesting I turn off enc logging, now my logs are more helpful,
before they always ended in "dropped rate-limiting" so really
weren't telling me much.<br>
<br>
    Interestingly, both the connected devices now have the same virtual
    IP <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>, but both seem to be working fine and the 2 devices
    never need to talk directly to one another, so maybe all the devices
    can use/assign the same IP address for the client's tunnel? Is that
    a common way to run?<br>
<br>
andrew<br>
<br>
<div>On 4/24/15 11:36 AM, Miroslav Svoboda
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">This is the problem:
<div><span style="font-size:12.8000001907349px">Apr 24 17:21:43
accel charon: 10[IKE] deleting duplicate IKE_SA for peer
'actmobile' due to uniqueness policy</span><br>
</div>
<div><span style="font-size:12.8000001907349px"><br>
</span></div>
<div><span style="font-size:12.8000001907349px">Look for config
option "uniqueids" here: <a href="https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection</a></span></div>
<div><span style="font-size:12.8000001907349px"><br>
</span></div>
<div><span style="font-size:12.8000001907349px">M.</span></div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">Miroslav Svoboda | <a href="tel:%2B420%20608%20224%20486" value="+420608224486" target="_blank">+420 608 224 486</a></div>
</div>
</div>
</div>
</div>
</div></blockquote></div></blockquote></div></div></div></div></div><br></div>
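<p>Added example, not part of the original thread and not strongSwan code: a Python scan of charon syslog output for the "deleting duplicate IKE_SA ... due to uniqueness policy" message quoted above, reporting peer identities that are evicted repeatedly within a short window (the pattern seen when several devices share one identity while uniqueids is enabled). The sample log is constructed, and the &lt;conn|id&gt; prefix expected with <code>ike_name = yes</code> is an assumption about the log format.</p>

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Only the message text of the first line comes from
# the thread; connection names, peers and addresses are made up.
SAMPLE_LOG = """\
Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy
Apr 24 17:21:58 accel charon: 07[IKE] <ikev2-psk|12> deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy
Apr 24 17:22:10 accel charon: 11[IKE] <ikev2-psk|13> deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy
Apr 24 17:22:15 accel charon: 09[IKE] <ikev2-psk|14> IKE_SA ikev2-psk[14] established between 192.0.2.1[gw]...198.51.100.7[laptop]
Apr 24 19:40:02 accel charon: 05[IKE] <ikev2-psk|20> deleting duplicate IKE_SA for peer 'laptop' due to uniqueness policy
"""

# The optional "<conn|id>" group is the assumed prefix added by ike_name = yes.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\scharon:\s\d+\[IKE\]\s"
    r"(?:<(?P<conn>[^|>]+)\|(?P<uid>\d+)>\s)?"
    r"deleting duplicate IKE_SA for peer '(?P<peer>[^']*)' due to uniqueness policy"
)

def duplicate_events(log_text, year=2015):
    """Return (timestamp, peer identity, connection name or None) per match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Classic syslog timestamps carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["peer"], m["conn"]))
    return events

def flapping_peers(events, window=timedelta(minutes=5), threshold=2):
    """Map peer identity to its largest eviction count inside one window."""
    by_peer = defaultdict(list)
    for ts, peer, _conn in events:
        by_peer[peer].append(ts)
    flagged = {}
    for peer, stamps in by_peer.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[peer] = best
    return flagged

if __name__ == "__main__":
    print(flapping_peers(duplicate_events(SAMPLE_LOG)))
```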