<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi,<div class=""><br class=""></div><div class="">I upgraded my Ubuntu 16.04 LTS to 18.04 LTS (and now same for 20.04 LTS) but after upgrading all my VPN clients get the same IP; this does not happen in 16.04 with the exact same strongswan config…. </div><div class=""><br class=""></div><blockquote class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div class=""><div class=""><font face="Menlo" class="">$ cat /etc/ipsec.conf</font></div></div><div class=""><div class=""><font face="Menlo" class="">config setup</font></div></div><div class=""><div class=""><font face="Menlo" class="">  charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4,  mgr 4"</font></div></div><div class=""><div class=""><font face="Menlo" class="">  uniqueids=no</font></div></div><div class=""><div class=""><font face="Menlo" class=""><br class=""></font></div></div><div class=""><div class=""><font face="Menlo" class="">conn ikev2-vpn</font></div></div><div class=""><div class=""><font face="Menlo" class="">  auto=add</font></div></div><div class=""><div class=""><font face="Menlo" class="">  compress=no</font></div></div><div class=""><div class=""><font face="Menlo" class="">  type=tunnel</font></div></div><div class=""><div class=""><font face="Menlo" class="">  keyexchange=ikev2</font></div></div><div class=""><div class=""><font face="Menlo" class="">  fragmentation=yes</font></div></div><div class=""><div class=""><font face="Menlo" class="">  forceencaps=yes</font></div></div><div class=""><div class=""><font face="Menlo" class="">  ike=3des-sha1-modp1024!</font></div></div><div class=""><div class=""><font face="Menlo" class="">  esp=3des-sha1!</font></div></div><div class=""><div class=""><font face="Menlo" class="">  dpdaction=clear</font></div></div><div class=""><div 
class=""><font face="Menlo" class="">  dpddelay=300s</font></div></div><div class=""><div class=""><font face="Menlo" class="">  rekey=no</font></div></div><div class=""><div class=""><font face="Menlo" class="">  left=%any</font></div></div><div class=""><div class=""><font face="Menlo" class="">  leftid=@my.domain.com</font></div></div><div class=""><div class=""><font face="Menlo" class="">  leftcert=server-cert.pem</font></div></div><div class=""><div class=""><font face="Menlo" class="">  leftsendcert=always</font></div></div><div class=""><div class=""><font face="Menlo" class="">  leftsubnet=0.0.0.0/0</font></div></div><div class=""><div class=""><font face="Menlo" class="">  right=%any</font></div></div><div class=""><div class=""><font face="Menlo" class="">  rightid=%any</font></div></div><div class=""><div class=""><font face="Menlo" class="">  rightauth=eap-mschapv2</font></div></div><div class=""><div class=""><font face="Menlo" class="">  rightsourceip=10.0.214.220-10.0.214.250</font></div></div><div class=""><div class=""><font face="Menlo" class="">  rightdns=10.0.214.1</font></div></div><div class=""><div class=""><font face="Menlo" class="">  rightsendcert=never</font></div></div><div class=""><div class=""><font face="Menlo" class="">  eap_identity=%identity</font></div></div></blockquote><div class=""><br class=""></div><div class=""><b class="">All clients get assigned the first IP in the range, <span class="" style="font-family: Menlo;">10.0.214.220 - in this case all 3 clients have this address, see below (both 18.04 LTS and 20.04 LTS)</span></b></div><div class=""><b class=""><span class="" style="font-family: Menlo;"><br class=""></span></b></div><div class=""><span class=""><span class=""><div class=""><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class="">root@vpn:~# ipsec leases</font></div><div class="" style="font-family: Helvetica; font-weight: 
normal;"><font face="Menlo" class="">Leases in pool '10.0.214.220-10.0.214.250', usage: 1/31, 1 online</font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class="">     10.0.214.220   online   '<i class="">userid</i>'</font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class="">root@vpn:~#</font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class=""><br class=""></font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><br class=""></div><div class="" style="font-family: Helvetica; font-weight: normal;"><b class="">With 16.04 LTS it works as intended:</b></div><div class=""><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class="">root@vpn:~# ipsec leases</font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class="">Leases in pool '10.0.214.220-10.0.214.250', usage: 3/31, 3 online</font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class="">     10.0.214.220   online   '<i class="">userid</i>'</font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class="">     10.0.214.221   online   '<i class="">userid</i>'</font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class="">     10.0.214.222   online   '<i class="">userid</i>'</font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class="">root@vpn:~#</font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class=""><br class=""></font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class=""><br class=""></font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class=""><b class="" 
style="font-family: Helvetica;">If I change:</b></font></div><div class="" style="font-family: Helvetica; font-weight: normal;"><font face="Menlo" class=""><b class="" style="font-family: Helvetica;"><span style="font-family: Menlo; font-weight: normal;" class="">rightsourceip=10.0.214.220-10.0.214.250</span></b></font></div><div class=""><br class=""></div><div class=""><b class="">to:</b></div><div class=""><span style="font-family: Menlo;" class="">rightsourceip=10.0.214.0/24</span></div><div class=""><span style="font-family: Menlo;" class=""><br class=""></span></div><div class=""><span class="">The VPN server then hands out unique IPs in both 18.04 LTS and 20.04 LTS but I don't want the VPN server to use the whole subnet<b class="">, </b>any suggestions?</span></div><div class=""><span class=""><br class=""></span></div><div class=""><span class="">Thanks,</span></div><div class=""><span class="">Magnus</span></div></div></div></span></span></div></body></html>