[strongSwan-dev] [strongswan ]: Multiple IKE SA initiated for with Same Connection Name version 4.5.3

jegathesh malaiyappan mjegakathir at gmail.com
Mon Apr 8 12:22:21 CEST 2013


Hi,

Anyone idea on this issue for "Multiple IKE SA" request for same
connection? Is there any bug in strongswan version 4.5.3 for this scenario?

Thanks.
Jegathesh.M


On Sat, Apr 6, 2013 at 4:33 PM, jegathesh malaiyappan <mjegakathir at gmail.com
> wrote:

> Hi,
>
> *Strongswan Version*:  4.5.3
>
> I have a two policy with same Local End point and remote end point , as a
> connection name of *"conn2 & conn3"*.
>
> One IKE SA and Two Child SA Established successfully. Otherend, i am
> downing the strongswan and IKE SA and Two Child SA's are deleted.
>
> Now, I am re-triggering the two connection using the following,
>
> *         ipsec up conn2 & *
>
> *         ipsec up conn3 & *
>
> But, two IKE SA established with name of  conn2.
>
>
>
> <snip>
>
> conn2[2]: ESTABLISHED 7 seconds ago, 11.1.1.1[192.168.255.129]...11.1.1.10
>
>        conn2[2]: IKE SPIs: 285b6ac581fd9df5_i* d16466cdf884bcc2_r,
> rekeying in 23 hours
>
>        conn2[2]: IKE proposal:
> AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>
>
>
>        conn2[3]: ESTABLISHED 7 seconds ago,
> 11.1.1.1[192.168.255.129]...11.1.1.10
>
>        conn2[3]: IKE SPIs: 902b959bb0edd0d7_i* 55c7d31308336b14_r,
> rekeying in 23 hours
>
>        conn2[3]: IKE proposal:
> AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>
>  </snip>
>
>
>
> Strongswan Logs:
>
> ==============
>
>
>
> 2004-01-01T00:06:40.739454+00:00 10 [info]      charon:  16[CFG] received
> stroke: initiate 'conn2'
>
> 2004-01-01T00:06:40.739507+00:00 10 [info]      charon:  16[CFG] received
> stroke: initiate 'conn2'
>
> 2004-01-01T00:06:40.740338+00:00 10 [info]      charon:  14[IKE]
> initiating IKE_SA conn2[2] to 11.1.1.10
>
> 2004-01-01T00:06:40.740378+00:00 10 [info]      charon:  14[IKE]
> initiating IKE_SA conn2[2] to 11.1.1.10
>
>
>
> 2004-01-01T00:06:40.752523+00:00 10 [info]      charon:  08[CFG] received
> stroke: initiate 'conn3'
>
> 2004-01-01T00:06:40.752571+00:00 10 [info]      charon:  08[CFG] received
> stroke: initiate 'conn3'
>
> 2004-01-01T00:06:40.753148+00:00 10 [info]      charon:  15[IKE]
> initiating IKE_SA conn2[3] to 11.1.1.10
>
> 2004-01-01T00:06:40.753187+00:00 10 [info]      charon:  15[IKE]
> initiating IKE_SA conn2[3] to 11.1.1.10
>
>
>
> Is this expected behaviour in strongswan?
>
>
>
> Please someone help me on this.
>
>
>
> --
>
> By
>
> M.Jegathesh,
>
>
>
>


-- 
By
M.Jegathesh,
Bangalore
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130408/4d362ea1/attachment.html>


More information about the Dev mailing list