[strongSwan-dev] [strongswan ]: Multiple IKE SA initiated for with Same Connection Name version 4.5.3

jegathesh malaiyappan mjegakathir at gmail.com
Sat Apr 6 13:03:12 CEST 2013 

Hi,

*Strongswan Version*:  4.5.3

I have a two policy with same Local End point and remote end point , as a
connection name of *"conn2 & conn3"*.

One IKE SA and Two Child SA Established successfully. Otherend, i am
downing the strongswan and IKE SA and Two Child SA's are deleted.

Now, I am re-triggering the two connection using the following,

*         ipsec up conn2 & *

*         ipsec up conn3 & *

But, two IKE SA established with name of  conn2.



<snip>

conn2[2]: ESTABLISHED 7 seconds ago, 11.1.1.1[192.168.255.129]...11.1.1.10

       conn2[2]: IKE SPIs: 285b6ac581fd9df5_i* d16466cdf884bcc2_r, rekeying
in 23 hours

       conn2[2]: IKE proposal:
AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024



       conn2[3]: ESTABLISHED 7 seconds ago,
11.1.1.1[192.168.255.129]...11.1.1.10

       conn2[3]: IKE SPIs: 902b959bb0edd0d7_i* 55c7d31308336b14_r, rekeying
in 23 hours

       conn2[3]: IKE proposal:
AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024

 </snip>



Strongswan Logs:

==============



2004-01-01T00:06:40.739454+00:00 10 [info]      charon:  16[CFG] received
stroke: initiate 'conn2'

2004-01-01T00:06:40.739507+00:00 10 [info]      charon:  16[CFG] received
stroke: initiate 'conn2'

2004-01-01T00:06:40.740338+00:00 10 [info]      charon:  14[IKE] initiating
IKE_SA conn2[2] to 11.1.1.10

2004-01-01T00:06:40.740378+00:00 10 [info]      charon:  14[IKE] initiating
IKE_SA conn2[2] to 11.1.1.10



2004-01-01T00:06:40.752523+00:00 10 [info]      charon:  08[CFG] received
stroke: initiate 'conn3'

2004-01-01T00:06:40.752571+00:00 10 [info]      charon:  08[CFG] received
stroke: initiate 'conn3'

2004-01-01T00:06:40.753148+00:00 10 [info]      charon:  15[IKE] initiating
IKE_SA conn2[3] to 11.1.1.10

2004-01-01T00:06:40.753187+00:00 10 [info]      charon:  15[IKE] initiating
IKE_SA conn2[3] to 11.1.1.10



Is this expected behaviour in strongswan?



Please someone help me on this.



-- 

By

M.Jegathesh,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130406/8a972e78/attachment.html>

More information about the Dev mailing list