[strongSwan] virtual IP assignment fails if previous tunnel not properly shut down
martin at strongswan.org
Thu Dec 2 11:36:27 CET 2010

> 'CN=game.foo.com' already has an online lease, unable to assign address
>
> Is there a way to force the IP address assignment for the new tunnel in
> this case?

No, currently not. The address is reserved, and the daemon won't assign

The ipsec.conf uniqueids option won't work either, as it gracefully
negotiates the shutdown of the old tunnel. As the peer won't respond on
this SA, this takes several retransmits.

This is a good case where the INITIAL_CONTACT notify could delete the
old SA, but we currently do not support it.

One option is to set leftsourceip on the client to the specific IP; the
server will reassign it in this case. But this probably won't solve the
problem, as you'll have a conflict between the old and the new CHILD_SA.

The only solution I currently see is to use a larger pool with multiple