[strongSwan] what does multiple ESTABLISHED staet for a connection mean
Shukla, Sanjay
Sanjay.Shukla at ipc.com
Thu Jun 28 15:29:34 CEST 2012
I do have start on both the peers as I need to connect on start of the ipsec on both sides. Is there an alternative approach ?
Also I think uniqueids are enabled by default, I have not turned them off.
-sanjay
-----------------------------------------------------
Please consider the environment before printing this email.
-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org]
Sent: Friday, June 22, 2012 4:18 AM
To: Shukla, Sanjay
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] what does multiple ESTABLISHED staet for a connection mean
Hi,
> I am debugging an issue and was wondering what these multiple
> ESTABLISHED states mean and if they have any detrimental effect. I
> assume these imply there are multiple child SA’s ?
This means that you have two IKE_SAs established between your peers.
Might happen if both configurations use auto=start, or auto=route triggers tunnels simultaneously. Have a look for the "uniqueids" option in the ipsec.conf manpage to avoid multiple tunnels between the same identities.
Regards
Martin
More information about the Users
mailing list