[strongSwan] [Strongswan] Strongswan is deleting IKE_SA without any notification error
Martin Willi
martin at strongswan.org
Thu Jun 28 10:04:45 CEST 2012
> After some time, Strongswan is deleting IKE_SA without sending any
> notification
Not "after some time", but after another (or the same?) peer connects
with the same identity:
> 14[IKE] deleting duplicate IKE_SA for peer 'cross at cas.com' due to
> uniqueness policy
Have a look at the ipsec.conf "uniqueids" option to see how to handle
multiple clients with the same identity. Maybe the same peer tries to
reauthenticate, but that might be problematic if a uniqueness policy is
in place.
> 14[IKE] sending DELETE for IKE_SA fqdn_vr[3]
> 14[ENC] generating INFORMATIONAL request 0 [ D ]
And a notify is sent for the old SA, but the peer never responds to the
delete exchange.
Regards
Martin
More information about the Users
mailing list