[strongSwan] Fwd: [strongSwan-dev] config w/ multiple ios devices on a network...

Miroslav Svoboda goodmirek at goodmirek.cz
Fri Apr 24 21:20:02 CEST 2015


This is not good. Possibly, what we solved was just a result, not the root
cause.
Before, I overlooked the configuration issue; maybe you will want to enable
uniqueids again once fixed.

Instead of:
rightsourceip=10.255.0.0/16
there should be:
rightsubnet=10.255.0.0/16

Logs will be even better if you include the directive in "charon-logging.conf":
ike_name = yes

M.

Miroslav Svoboda | +420 608 224 486

On 24 April 2015 at 21:02, Andrew Foss <afoss at actmobile.com> wrote:

>  Miroslav,
>
> thank you, that did it! Wow, did I log some hours trying different
> combinations, but didn't get that one and you also helped by suggesting I
> turn off enc logging, now my logs are more helpful, before they always
> ended in "dropped rate-limiting" so really weren't telling me much.
>
> Interestingly, both the connected devices now have the same virtual ip
> 10.254.0.1/32, but both seem to be working fine and the 2 devices never
> need to talk directly to one another, so maybe all the devices can
> use/assign the same ip address for the client's tunnel? Is that a common
> way to run?
>
> andrew
>
> On 4/24/15 11:36 AM, Miroslav Svoboda wrote:
>
> This is the problem:
> Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA for peer
> 'actmobile' due to uniqueness policy
>
>  Look for config option "uniqueids" here:
> https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection
>
>  M.
>
>   Miroslav Svoboda | +420 608 224 486
>
>
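
Added example, not part of the original thread: a short Python pass over charon syslog output that counts the "deleting duplicate IKE_SA" message quoted above per peer identity, so identities shared by several devices stand out. The sample log is constructed (its first entry is the thread's line, unwrapped), and the optional `<conn|id>` prefix matched for `ike_name = yes` logging is an assumption about that output format.

```python
import re
from collections import Counter

# Uniqueness-policy message as quoted in the thread. The optional "<conn|id> "
# prefix is an assumption about how lines look with "ike_name = yes".
DUP_RE = re.compile(
    r"charon: \d+\[IKE\] (?:<[^>]*> )?"
    r"deleting duplicate IKE_SA for peer '(?P<peer>[^']+)' "
    r"due to uniqueness policy"
)

# Constructed sample input; only the first line comes from the thread.
SAMPLE_LOG = """\
Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy
Apr 24 17:21:44 accel charon: 11[NET] constructed non-matching line
Apr 24 17:22:10 accel charon: 07[IKE] deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy
Apr 24 17:22:41 accel charon: 12[IKE] <ios|7> deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy
Apr 24 17:23:02 accel charon: 09[IKE] <ios|8> deleting duplicate IKE_SA for peer 'tablet-7' due to uniqueness policy
"""


def count_duplicate_deletions(lines):
    """Map each peer identity to the number of uniqueness-policy deletions."""
    hits = Counter()
    for line in lines:
        match = DUP_RE.search(line)
        if match:
            hits[match.group("peer")] += 1
    return hits


def shared_identity_suspects(lines, threshold=2):
    """Identities whose IKE_SA was replaced at least `threshold` times.

    Repeated replacement of one identity is what several devices
    authenticating with the same ID look like under the uniqueness policy.
    """
    counts = count_duplicate_deletions(lines)
    return sorted(peer for peer, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    sample = SAMPLE_LOG.splitlines()
    for peer, n in count_duplicate_deletions(sample).most_common():
        print(f"{peer}: {n} duplicate IKE_SA deletions")
    print("shared-identity suspects:", shared_identity_suspects(sample))
```
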