[strongSwan] Lease assigned multiple times
Jan Engelhardt
jengelh at medozas.de
Thu Aug 26 13:10:53 CEST 2010
Hi,

I get in /var/log/messages

charon: 14[IKE] peer requested virtual IP 1.0.0.7
charon: 14[CFG] reassigning offline lease to 'C=DE, ...'
charon: 14[IKE] assigning virtual IP 1.0.0.9 to peer

Why does charon suddenly pick a different address than the requested
one? Above all, 1.0.0.9 is already assigned.

I am using uniqueids=no, so maybe the lease mechanism just does not work
in conjunction with that? What I would really like is that (x509_name,
source_ip_address, source_port) creates the unique tuple, and not just
the x509_name.

# ipsec status
Security Associations:
client[18]: ESTABLISHED 2 hours ago, 82.20.113.211[C=DE, ...]...84.1.198.135[C=DE, ...]
client{17}: INSTALLED, TUNNEL, ESP in UDP SPIs: ce4df11f_i c65d2d51_o
client{17}: 82.20.113.211/32 === 1.0.0.7/32
client[22]: ESTABLISHED 47 minutes ago, 82.20.113.211[C=DE, ...]...86.234.212.127[C=DE, ...]
client{21}: INSTALLED, TUNNEL, ESP in UDP SPIs: c999f1c7_i cb59c185_o
client{21}: 82.20.113.211/32 === 1.0.0.9/32
client[23]: ESTABLISHED 30 minutes ago, 82.20.113.211[C=DE, ...]...211.60.232.164[C=DE, ...]
client{22}: INSTALLED, TUNNEL, ESP in UDP SPIs: c368f53c_i c17c8ba3_o
client{22}: 82.20.113.211/32 === 1.0.0.9/32
client[24]: ESTABLISHED 29 minutes ago, 82.20.113.211[C=DE, ...]...86.234.212.127[C=DE, ...]
client{23}: INSTALLED, TUNNEL, ESP in UDP SPIs: c9a8bb89_i c2a13094_o
client{23}: 82.20.113.211/32 === 1.0.0.9/32

# ipsec leases
Leases in pool 'client', usage: 1/16777215, 139887084830721 online
1.0.0.9 online 'C=DE, ...'

# ipsec.conf
config setup
        plutostart=no
        uniqueids=no

conn client
        left=82.20.113.211
        right=%any
        rightsourceip=1.0.0.0/8
        auto=start
        keyexchange=ikev2
        leftcert="/etc/ipsec.d/certs/client.pem"
        rightcert="/etc/ipsec.d/certs/client.pem"
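
A check for the symptom reported in this message, as an added example that is not part of the original post or of strongSwan: it parses `ipsec status` output in the format shown above and reports every /32 virtual IP that is the remote traffic selector of more than one CHILD_SA. The function name and the assumption that each CHILD_SA line follows its own IKE_SA line are assumptions of the example.

```python
import re
from collections import defaultdict

# `ipsec status` output copied from the post above, used as sample input.
SAMPLE_STATUS = """\
Security Associations:
client[18]: ESTABLISHED 2 hours ago, 82.20.113.211[C=DE, ...]...84.1.198.135[C=DE, ...]
client{17}: INSTALLED, TUNNEL, ESP in UDP SPIs: ce4df11f_i c65d2d51_o
client{17}: 82.20.113.211/32 === 1.0.0.7/32
client[22]: ESTABLISHED 47 minutes ago, 82.20.113.211[C=DE, ...]...86.234.212.127[C=DE, ...]
client{21}: INSTALLED, TUNNEL, ESP in UDP SPIs: c999f1c7_i cb59c185_o
client{21}: 82.20.113.211/32 === 1.0.0.9/32
client[23]: ESTABLISHED 30 minutes ago, 82.20.113.211[C=DE, ...]...211.60.232.164[C=DE, ...]
client{22}: INSTALLED, TUNNEL, ESP in UDP SPIs: c368f53c_i c17c8ba3_o
client{22}: 82.20.113.211/32 === 1.0.0.9/32
client[24]: ESTABLISHED 29 minutes ago, 82.20.113.211[C=DE, ...]...86.234.212.127[C=DE, ...]
client{23}: INSTALLED, TUNNEL, ESP in UDP SPIs: c9a8bb89_i c2a13094_o
client{23}: 82.20.113.211/32 === 1.0.0.9/32
"""

# IKE_SA line: name[id]: ESTABLISHED ..., local[identity]...remote[identity]
IKE_RE = re.compile(r"^\s*\S+\[(\d+)\]:\s+ESTABLISHED\b.*\.\.\.(\d+\.\d+\.\d+\.\d+)\[")
# CHILD_SA traffic selector line: name{id}: local/len === virtual_ip/32
TS_RE = re.compile(r"^\s*\S+\{(\d+)\}:\s+\S+\s+===\s+(\d+\.\d+\.\d+\.\d+)/32\s*$")


def find_shared_virtual_ips(status_text):
    """Map each virtual IP used by more than one CHILD_SA to its users.

    Each user is a tuple (ike_sa_id, child_sa_id, peer_address).
    """
    users = defaultdict(list)
    ike_id = peer = None  # most recent IKE_SA seen (assumed to own what follows)
    for line in status_text.splitlines():
        m = IKE_RE.match(line)
        if m:
            ike_id, peer = int(m.group(1)), m.group(2)
            continue
        m = TS_RE.match(line)
        if m:
            users[m.group(2)].append((ike_id, int(m.group(1)), peer))
    return {vip: sas for vip, sas in users.items() if len(sas) > 1}


if __name__ == "__main__":
    for vip, sas in find_shared_virtual_ips(SAMPLE_STATUS).items():
        print(f"{vip} is installed in {len(sas)} CHILD_SAs:")
        for ike, child, peer_addr in sas:
            print(f"  IKE_SA [{ike}] CHILD_SA {{{child}}} peer {peer_addr}")
```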