[strongSwan] Connection breakdown on activating another

Andreas Steffen andreas.steffen at strongswan.org
Wed Jun 16 16:35:45 CEST 2010


Hi Jan,

the reason is the default setting of uniqueids=yes which
allows only one connection per ID. Since both dave4 and
dave6 use the DN in carol.pem as an ID, the previous
connection is always killed. If you want to change this
behaviour, set

config setup
   uniqueids=no

in ipsec.conf.

Regards

Andreas

On 06/16/2010 02:56 PM, Jan Engelhardt wrote:
> Hi,
> 
> 
> On host 'carol', I have a setup like
> 
> conn dave4
>         left=1.1.1.202
>         right=2.2.2.147
>         auto=start
>         keyexchange=ikev2
>         leftcert="carol.pem"
>         rightcert="dave.pem"
> 
> conn dave6
>         left=2001:db8::1
>         right=2001:db8::7
>         auto=add
>         keyexchange=ikev2
>         leftcert="carol.pem"
>         rightcert="dave.pem"
> 
> And an appropriate reverse config (left/right swapped) on host 'dave'.
> When charon is started, it will activate 'dave4' and that works ok.
> 
> As soon as I issue `ipsec stroke up dave6`, the dave6 connection is
> brought up and at the same time, dave4 is killed. Why would that be?
> 
> thanks,
> Jan
> 

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
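
A check for the situation described in this thread, as an added example that is not part of the original message or of strongSwan: it parses an ipsec.conf and, unless uniqueids is disabled, lists every identity that more than one conn relies on. The function names are hypothetical, the sample is constructed from the conns quoted above, and the certificate file name stands in for the subject DN the daemon actually compares.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the two conns quoted in the thread.
SAMPLE = """\
config setup
    # uniqueids not set: the default is yes

conn dave4
    left=1.1.1.202
    right=2.2.2.147
    leftcert="carol.pem"
    rightcert="dave.pem"

conn dave6
    left=2001:db8::1
    right=2001:db8::7
    leftcert="carol.pem"
    rightcert="dave.pem"
"""

def parse_ipsec_conf(text):
    """Return {"config setup" | "conn <name>": {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        head = re.match(r"^(config|conn)\s+(\S+)$", line)  # headers start in column 0
        if head:
            current = sections.setdefault(f"{head.group(1)} {head.group(2)}", {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def shared_ids(text):
    """Map each identity used by more than one conn to those conn names."""
    sections = parse_ipsec_conf(text)
    if sections.pop("config setup", {}).get("uniqueids", "yes") in ("no", "never"):
        return {}                                  # uniqueness check disabled
    users = defaultdict(list)
    for header, opts in sections.items():
        for side in ("left", "right"):
            # Assumption: an explicit id wins, else the cert file stands in for its DN.
            ident = opts.get(side + "id") or opts.get(side + "cert") or opts.get(side)
            if ident:
                users[ident].append(header.split()[1])
    return {ident: conns for ident, conns in users.items() if len(conns) > 1}
```

An empty result means no two conns share an identity, or that uniqueids has been turned off as suggested in the reply.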
