[strongSwan] uniqueids
Peter Sagerson
psagers at ignorare.net
Wed Mar 28 04:37:37 CEST 2012
Here's another question, and I hope it will be easier, more interesting, and less lame than my last.
I see that both pluto and charon support the uniqueids option, which ensures that each peer ID can only connect from one IP at a time. I have a situation where some peers are generating multiple connections from a single IP and the old ones are left hanging, generally until they eventually get cleaned up by DPD. So is there some deep technical reason for the different-ip constraint on peer uniquing, or is that simply the policy that makes the most sense for most deployments? Put another way, what terrible fate would befall me if I were to remove the sameaddr check in a private build and enforce unique IDs regardless?
Thanks,
Peter
More information about the Users
mailing list