[strongSwan] ikev1 dynamic initiator test
rakesh bansod
rakesh.bansod1209 at gmail.com
Sat Sep 28 08:19:45 CEST 2013
Hi,
I am trying test no. 22 on the website, i.e. ikev1/dynamic-initiator. As
written there, it should make the tunnel even if the IP is changed.
But when I change my IP, it detects the change in IP and phase 1 is
re-installed (IKE_SA), but it is not creating the CHILD_SA at that time.
The CHILD_SA is created only at the time of rekeying.
Also, when I try to up the connection again it says "unable to install
ipsec policies, the same policy exists".
I changed the rekeying time and at the time of rekeying CHILD_SA is created.
Please help.
My ipsec.conf file, see if anything is wrong in it.

FEDORA SIDE

conn dynamic
    left=%any
    leftsubnet=192.168.153.0/24
    leftid=fedora
    leftfirewall=yes
    right=%ubuntu
    rightid=ubuntu
    rightsourceip=192.168.153.12
    authby=secret
    auto=add
    keyexchange=ikev1
    dpdaction=restart
    ikelifetime=30m
    keylife=10m
    rekeymargin=2m

UBUNTU SIDE

conn dynamic
    left=%any
    leftsourceip=%config
    leftid=ubuntu
    leftfirewall=yes
    right=%fedora
    rightid=fedora
    rightsubnet=192.168.153.0/24
    authby=secret
    auto=add
    keyexchange=ikev1
    dpdaction=restart
    ikelifetime=30m
    keylife=10m
    rekeymargin=2m

Thank you,
Rakesh