[strongSwan] Multiple tunnels for the same policies

Martin Willi martin at strongswan.org
Wed Jul 18 09:48:32 CEST 2012

Hi Vinay

> But many times I face a situation where multiple tunnels are created
> for the same policies.

From your Unit2 log I see that the other peer initiates these tunnels
explicitly. During the first 2 minutes, Unit1 initiates each connection
three times. I don't see why from this log, and it doesn't make much

DPD could cause this, but this would be a rather short timeout. Did you
modify retransmission timeouts in strongswan.conf? Or do you use any
external tools to control tunnel establishment?

As a work-around, you can consider using the ipsec.conf uniqueids
option, but this would require unique identities for each connection
(this is currently not the case, as the defined IDs are not part of your
certificate). However, it is probably better to find out why Unit1
initiates these tunnels multiple times.
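For readers following the uniqueids work-around: the ipsec.conf fragment below is an added illustration, not configuration from the original thread or from Vinay's setup. It shows the shape that workaround takes, with uniqueids enabled in the setup section and a distinct peer identity per connection so that duplicates of the same tunnel are replaced while unrelated connections stay untouched. The connection names, addresses, subnets and distinguished names are assumed placeholders; the essential caveat, as the reply notes, is that an ID configured here only works if it actually appears in the peer's certificate (subject DN or subjectAltName).

```conf
# Added example (not from the original thread): ipsec.conf with uniqueids
# enabled and one unique peer identity per connection.
config setup
    # A new IKE_SA authenticated with an identity that already has an
    # IKE_SA replaces the old one instead of accumulating beside it.
    uniqueids=yes

conn %default
    keyexchange=ikev2
    left=%defaultroute
    leftcert=unit1Cert.pem
    # Assumed local identity; must be contained in unit1Cert.pem.
    leftid="C=CH, O=Example, CN=unit1.example.org"
    leftsubnet=10.1.0.0/24
    auto=start

# Assumed peer A. rightid must be the subject DN or a subjectAltName of
# the certificate peer A presents, or authentication of that ID fails.
conn unit2-siteA
    right=192.0.2.10
    rightid="C=CH, O=Example, CN=unit2-siteA.example.org"
    rightsubnet=10.2.0.0/24

# Assumed peer B, with its own identity. Because the rightid differs
# from unit2-siteA, uniqueids does not tear this tunnel down when a
# duplicate IKE_SA for siteA is replaced, and vice versa.
conn unit2-siteB
    right=192.0.2.20
    rightid="C=CH, O=Example, CN=unit2-siteB.example.org"
    rightsubnet=10.3.0.0/24
```

If several connections to the same peer legitimately share one certificate identity, uniqueids=yes would replace one with the other, which is why the reply treats this as a work-around and points back to finding the cause of the repeated initiations on Unit1.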
