<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Hi.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I’ve got a strange problem with my Strongswan VPN:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>As long as I am the single user, my solution works as a charm:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 14:52:57 charon: 12[IKE] building INTERNAL_IP4_DNS attribute<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 14:52:57 charon: 12[IKE] CHILD_SA nat-t-blho{6} established with SPIs c657a7f9_i 3527c10c_o and TS (fixed IP)/32 === 10.1.1.0/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>But the moment another device is trying to establish a separate tunnel to my server, the connection is aborted with following message:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] authentication of 'C=DE, O=(url), CN=(url)@(url)' (myself) with RSA signature successful<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] IKE_SA nat-t-blho[5] established between (fixed IP)[C=DE, O=(url), CN=(url)@(url)]...37.24.26.125[C=DE, O=(url), CN=xplod@(url)]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] IKE_SA nat-t-blho[5] state change: CONNECTING => ESTABLISHED<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] scheduling reauthentication in 3412s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] maximum IKE_SA lifetime 3592s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] sending end entity cert "C=DE, O=(url), CN=(url)@(url)"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] peer requested virtual IP %any<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] assigning virtual IP 10.1.1.22 to peer 'C=DE, O=(url), CN=xplod@(url)'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] peer requested virtual IP f100::21<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] no virtual IP found for f100::21 requested by 'C=DE, O=(url), CN=xplod@(url)'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] building INTERNAL_IP4_DNS attribute<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Aug 20 15:09:28 charon: 06[IKE] unable to install IPsec policies (SPD) in kernel<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I would guess that strongswan opens the same port on the fixed ip twice, resulting in a problem. But I can’t see how to setup my server to allow multiple incoming connections…<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>My current ipsec.conf:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>config setup<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>conn %default<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ikelifetime=60m<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> keylife=20m<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> rekeymargin=3m<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> keyingtries=3<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> keyexchange=ikev2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>conn nat-t-blho<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> left=%any<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> leftsourceip=%config4<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> leftcert=(url)_cert.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> leftid="C=DE, O=(url), CN=(url)"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> leftdns=8.8.4.4<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> leftfirewall=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> right=%any<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> rightsourceip=10.1.1.20/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> rightsubnet=10.1.1.0/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto=add<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Can anybody help me?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dirk<o:p></o:p></span></p></div></body></html>