[strongSwan] virtual IP assignement fails if previous tunnel not properly shutdown

[Martin Willi]

> My pool is already quite large and has many addresses available.

The memory pool in 4.4.1 is limited to a single IP for each ID. This has
been fixed with 4.5.0, where you can assign multiple leases to the same
identity. Upgrading your server to 4.5.0 should fix the problem.

> Do you know when strongSwan detects that the tunnel is dead and
> releases the lease for the IP otherwise?

Depends on your configuration, ~2min after the server initiates an
exchange on this connection. This exchange might be triggered by a
rekey, or can be enforced with DPD checks (man ipsec.conf for dpd).

Regards
Martin