[strongSwan] [Strongswan] Strongswan is deleting IKE_SA without any notification error

Martin Willi martin at strongswan.org
Thu Jun 28 10:04:45 CEST 2012

> After some time, Strongswan is deleting IKE_SA without sending any
> notification

Not "after some time", but after another (or the same?) peer connects
with the same identity:

> 14[IKE] deleting duplicate IKE_SA for peer 'cross at cas.com' due to
> uniqueness policy

Have a look at the ipsec.conf "uniqueids" option to see how to handle
multiple clients with the same identity. Maybe the same peer tries to
reauthenticate, but that might be problematic if a uniqueness policy is
in place.

> 14[IKE] sending DELETE for IKE_SA fqdn_vr[3]
> 14[ENC] generating INFORMATIONAL request 0 [ D ]

And a notify is sent for the old SA, but the peer never responds to the
delete exchange.


More information about the Users mailing list