[strongSwan] Multiple connections with same login and password

Thu Aug 16 12:27:50 CEST 2012

Hello guys!

Please advice me how to configure strongSwan 5.0.0 to accept user
connections from same ip and same user/password?

I compiled latest stable version of strongSwan 5.0.0 on Debian 6 from
source with options:

./configure --sysconfdir=/etc --enable-test-vectors --enable-integrity-test

It already works great with multiple connections from same ip address
BUT with different login/password. When i try to connect second computer
from same ip with same login/pass - connection on first computer, wich
was previously established is disconnected.

I try option "uniqueids=no" but it not helps.

Here is my configs:

/etc/ipsec.conf

config setup
        uniqueids=no
conn ios
        keyexchange=ikev1
        authby=xauthpsk
        xauth=server
        left=SERVERIP
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        right=%any
        rightsubnet=0.0.0.0/0
        rightsourceip=10.2.0.0/24
        auto=add

conn android
        keyexchange=ikev1
        authby=xauthpsk
        xauth=server
        left=SERVERIP
        leftsubnet=0.0.0.0/0
        right=%any
        rightsourceip=10.2.0.0/24
        modeconfig=push
        auto=add

/etc/strongswan.conf

charon {
        dns1 = 8.8.8.8
        dns2 = 8.8.4.4

filelog {
        /var/log/charon.log {
            time_format = %b %e %T
            append = no
            default = 1
            flush_line = yes
        }
        stderr {
            ike = 2
            knl = 3
            ike_name = yes
        }
    }

#       plugins {

#               sql {
                        # loglevel to log into sql database
#                       loglevel = -1

                        # URI to the database
                        # database = sqlite:///path/to/file.db
                        # database =
mysql://user:password@localhost/database
#               }
#       }

}
syslog {
        identifier = charon-custom
        daemon {
        }
        auth {
            default = -1
            ike = 0
        }
    }

libstrongswan {
        integrity_test = yes
        crypto_test {
                on_add = yes
                on_create = yes
                required = yes
  }
}

/etc/ipsec.secrets

: PSK mypsk

%any SERVERIP : PSK "mypsk"

testuser : XAUTH "pass1"
testuser2 : XAUTH "pass2"
testuser3 : XAUTH "pass3"

Here is /var/log/charon.log

http://dpaste.com/787194/

Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin at stidia.com
m: +38 093 874 5453
w: http://www.stidia.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4488 bytes
Desc: ���������������������������������� �������������� S/MIME
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120816/726db861/attachment.bin>