[strongSwan] Can't have more than one connection

Sharon Sahar sharon.sahar at gmail.com
Mon Jul 2 00:15:56 CEST 2012


Hi,

I'm using SS v4.6.3 configured to support iPhone devices.
After successfully connecting an iPhone, when I try to connect another
iPhone or Racoon (with different username and certificate from same CA) the
first connection is disconnected. As a result, I can only have one active
connection at a time.

This is what I see in the log (164.40.134.185 initiates new connection and
109.64.217.197 is being disconnected):

"ios"[3] 164.40.134.185 #4: we have a cert and are sending it upon request
Jul  1 16:56:08 02104-8-1222487 pluto[12915]: "ios"[3] 164.40.134.185 #4:
deleting connection "ios" instance with peer 109.64.217.197
{isakmp=#2/ipsec=#3}
Jul  1 16:56:08 02104-8-1222487 pluto[12915]: "ios" #3: deleting state
(STATE_QUICK_R2)
Jul  1 16:56:08 02104-8-1222487 pluto[12915]: "ios" #2: deleting state
(STATE_MODE_CFG_R1)
Jul  1 16:56:08 02104-8-1222487 pluto[12915]: | unref key: 0x174acb0
0x174ab10 cnt 1 'C=CH, O=LacoonSecurity, CN=client'
Jul  1 16:56:08 02104-8-1222487 pluto[12915]: "ios"[3] 164.40.134.185 #4:
unroute-client output: /usr/libexec/ipsec/_updown: doroute `ip route delete
10.0.0.3/32 via 109.64.217.197 dev eth0  src 10.0.0.15 table 220' failed
(RTNETLINK answers: No such process)

Any idea what's causing this behavior?

Thanks!

ipsec.conf is below:

config setup
        plutodebug=controlmore
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        nat_traversal=yes
        charonstart=no
        plutostart=yes
        # plutostderrlog=/var/log/plutolog.log
        uniqueids=yes


conn ios
        type=tunnel
        # modeconfig=pull
        # installpolicy=yes
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        left=164.40.134.181
        leftsourceip=10.0.0.15
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        leftcert=serverCert.pem
        leftprotoport=%any
        right=%any
        rightsourceip=10.0.0.1/24
        rightsubnet=0.0.0.0/0
        rightprotoport=%any
        rightnexthop=%defaultroute
        rightid=%any
        rightcert=clientCert.pem
        pfs=no
        auto=add
        dpdaction=clear
        dpddelay=10
        dpdtimeout=150
        rekey=no