[strongSwan] strange behavior between hosts
James
jameszee13 at gmail.com
Wed Apr 1 20:06:01 CEST 2015
All,
Hoping for some clarity on a behavior I've become aware of with strongSwan.
I have 5 hosts that connect to each other. The config stanzas on all
the hosts are practically identical (except for ids and IP addresses)
to each other and appear as follows:

conn dev4-dev3
    type=transport
    authby=secret
    left=2.1.1.174
    leftid=dev4
    leftfirewall=no
    leftupdown=/etc/ipsec.updown
    right=2.1.1.173
    rightid=dev3
    rightfirewall=no
    rightupdown=/etc/ipsec.updown
    auto=start
    compress = yes

conn dev4-dev5
    type=transport
    authby=secret
    left=2.1.1.174
    leftid=dev4
    leftfirewall=yes
    leftupdown=/etc/ipsec.updown
    right=2.1.1.175
    rightid=dev5
    rightfirewall=yes
    rightupdown=/etc/ipsec.updown
    auto=start
    compress = yes

<snip>

In total, dev4 _should have_ 4 connections: dev1, dev2, dev3 and dev5.
I've noticed, however, that after restarting the daemon there are
occasions where five or even six connections are being made. See
below:
http://pastebin.com/KPHeUR7J
Note how dev4 (the host where this output is from) has _multiple_
connections to 2.1.1.171 and 2.1.1.172.
How is this possible given the configuration above? Will one of these
eventually time out?
I suppose there are no real security issues with this, but I am rather
curious to determine why this is happening.
Any thoughts / ideas would be greatly appreciated.