<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
No joy, w/ <span
style="color:rgb(80,0,80);font-size:12.8000001907349px">rightsubnet=</span><a
moz-do-not-send="true" href="http://10.255.0.0/16"
style="font-size:12.8000001907349px" target="_blank">10.255.0.0/16</a><span
style="color:rgb(80,0,80);font-size:12.8000001907349px"> </span><br>
<br>
results in <br>
<br>
Apr 24 20:28:44 accel charon: 06[IKE] peer requested virtual IP %any<br>
Apr 24 20:28:44 accel charon: 06[IKE] no virtual IP found for %any
requested by 'actmobile'<br>
<br>
The odd thing is running 5.0.2 strongswan that same config using <span
style="color:rgb(80,0,80);font-size:12.8000001907349px">rightsourceip=</span><a
moz-do-not-send="true" href="http://10.255.0.0/16"
style="font-size:12.8000001907349px" target="_blank">10.255.0.0/16</a>,
the clients do get different addresses from the pool, but on 5.3.0,
they are all getting the same?<br>
<br>
<div class="moz-cite-prefix">On 4/24/15 12:20 PM, Miroslav Svoboda
wrote:<br>
</div>
<blockquote
cite="mid:CAD6VQRKRkcvx908m5Q718vW14d-woCt1tREp7Aw833KYFyassw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">This is not good. Possibly, what we solved
was just a result, not the root cause.</div>
<div dir="ltr">
<div>Before, I overlooked the configuration issue; maybe
you will want to enable uniqueids again once fixed.</div>
<div><br>
</div>
<div>Instead of:</div>
<div><span
style="color:rgb(80,0,80);font-size:12.8000001907349px">rightsourceip=</span><a
moz-do-not-send="true" href="http://10.255.0.0/16"
style="font-size:12.8000001907349px" target="_blank">10.255.0.0/16</a><br>
</div>
<div>there should be:</div>
<div><span
style="color:rgb(80,0,80);font-size:12.8000001907349px">rightsubnet=</span><a
moz-do-not-send="true" href="http://10.255.0.0/16"
style="font-size:12.8000001907349px" target="_blank">10.255.0.0/16</a><span
style="color:rgb(80,0,80);font-size:12.8000001907349px"> </span><span
style="color:rgb(80,0,80);font-size:12.8000001907349px"> </span><br>
</div>
<div><br>
</div>
<div>Logs will be even better if you include directive
in "charon-logging.conf":</div>
<div><span style="font-size:12.8000001907349px">ike_name
= yes</span><br>
</div>
<div><span style="font-size:12.8000001907349px"><br>
</span></div>
<div><span style="font-size:12.8000001907349px">M.</span></div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">Miroslav Svoboda | <a
moz-do-not-send="true"
href="tel:%2B420%20608%20224%20486"
value="+420608224486" target="_blank">+420
608 224 486</a></div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On 24 April 2015 at 21:02,
Andrew Foss <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:afoss@actmobile.com" target="_blank">afoss@actmobile.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px
0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Miroslav,<br>
<br>
thank you, that did it! Wow, did I log some hours
trying different combinations, but didn't get that
one and you also helped by suggesting I turn off
enc logging, now my logs are more helpful, before
they always ended in "dropped rate-limiting" so
really weren't telling me much.<br>
<br>
Interestingly, both the connected devices now have
the same virtual ip <a moz-do-not-send="true"
href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>,
but both seem to be working fine and the 2 devices
never need to talk directly to one another, so
maybe all the devices can use/assign the same ip
address for the client's tunnel? Is that a common
way to run?<br>
<br>
andrew<br>
<br>
<div>On 4/24/15 11:36 AM, Miroslav Svoboda wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">This is the problem:
<div><span
style="font-size:12.8000001907349px">Apr
24 17:21:43 accel charon: 10[IKE] deleting
duplicate IKE_SA for peer 'actmobile' due
to uniqueness policy</span><br>
</div>
<div><span
style="font-size:12.8000001907349px"><br>
</span></div>
<div><span
style="font-size:12.8000001907349px">Look
for config option "uniqueids" here: <a
moz-do-not-send="true"
href="https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection"
target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection</a></span></div>
<div><span
style="font-size:12.8000001907349px"><br>
</span></div>
<div><span
style="font-size:12.8000001907349px">M.</span></div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">Miroslav Svoboda | <a
moz-do-not-send="true"
href="tel:%2B420%20608%20224%20486"
value="+420608224486"
target="_blank">+420 608 224 486</a></div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a></pre>
</blockquote>
<br>
</body>
</html>