[strongSwan] Can't have more then one connection
Sharon Sahar
sharon.sahar at gmail.com
Mon Jul 2 00:15:56 CEST 2012
Hi,
I'm using SS v4.6.3 configured to support iPhone devices.
After successfully connecting an iPhone, when i try to connect another
iPhone or Racoon (with different username and certificate from same CA) the
first connection is disconnected. As a result, i can only have one active
connection at a time.
This is what is see in the log (164.40.134.185 initiates new connection and
109.64.217.197 is being disconnected):
"ios"[3] 164.40.134.185 #4: we have a cert and are sending it upon request
Jul 1 16:56:08 02104-8-1222487 pluto[12915]: "ios"[3] 164.40.134.185 #4:
deleting connection "ios" instance with peer 109.64.217.197
{isakmp=#2/ipsec=#3}
Jul 1 16:56:08 02104-8-1222487 pluto[12915]: "ios" #3: deleting state
(STATE_QUICK_R2)
Jul 1 16:56:08 02104-8-1222487 pluto[12915]: "ios" #2: deleting state
(STATE_MODE_CFG_R1)
Jul 1 16:56:08 02104-8-1222487 pluto[12915]: | unref key: 0x174acb0
0x174ab10 cnt 1 'C=CH, O=LacoonSecurity, CN=client'
Jul 1 16:56:08 02104-8-1222487 pluto[12915]: "ios"[3] 164.40.134.185 #4:
unroute-client output: /usr/libexec/ipsec/_updown: doroute `ip route delete
10.0.0.3/32 via 109.64.217.197 dev eth0 src 10.0.0.15 table 220' failed
(RTNETLINK answers: No such process)
Any idea whats causing this behavior?
Thanks!
ipsec.conf is below:
config setup
plutodebug=controlmore
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
nat_traversal=yes
charonstart=no
plutostart=yes
# plutostderrlog=/var/log/plutolog.log
uniqueids=yes
conn ios
type=tunnel
# modeconfig=pull
# installpolicy=yes
keyexchange=ikev1
authby=xauthrsasig
xauth=server
left=164.40.134.181
leftsourceip=10.0.0.15
leftsubnet=0.0.0.0/0
leftfirewall=yes
leftcert=serverCert.pem
leftprotoport=%any
right=%any
rightsourceip=10.0.0.1/24
rightsubnet=0.0.0.0/0
rightprotoport=%any
rightnexthop=%defaultroute
rightid=%any
rightcert=clientCert.pem
pfs=no
auto=add
dpdaction=clear
dpddelay=10
dpdtimeout=150
rekey=no
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120702/32fb3c52/attachment.html>
More information about the Users
mailing list