[strongSwan] Fwd: [strongSwan-dev] config w/ multiple ios devices on a network...

Andrew Foss afoss at actmobile.com
Fri Apr 24 22:33:15 CEST 2015 

No joy, w/ rightsubnet=10.255.0.0/16 <http://10.255.0.0/16>

results in

Apr 24 20:28:44 accel charon: 06[IKE] peer requested virtual IP %any
Apr 24 20:28:44 accel charon: 06[IKE] no virtual IP found for %any 
requested by 'actmobile'

The odd thing is running 5.0.2 strongswan that same config using 
rightsourceip=10.255.0.0/16 <http://10.255.0.0/16>, the clients do get 
different addresses from the pool, but on 5.3.0, they are all getting 
the same?

On 4/24/15 12:20 PM, Miroslav Svoboda wrote:
> This is not good. Possibly, what we solved was just a result, not the 
> root cause.
> Before, I overlooked the configuration issue; maybe you will want to 
> enable uniqueids again once fixed.
>
> Instead of:
> rightsourceip=10.255.0.0/16 <http://10.255.0.0/16>
> there should be:
> rightsubnet=10.255.0.0/16 <http://10.255.0.0/16>
>
> Logs will be even better if you include directive in 
> "charon-logging.conf":
> ike_name = yes
>
> M.
>
> Miroslav Svoboda | +420 608 224 486 <tel:%2B420%20608%20224%20486>
>
> On 24 April 2015 at 21:02, Andrew Foss <afoss at actmobile.com 
> <mailto:afoss at actmobile.com>> wrote:
>
>     Miroslav,
>
>     thank you, that did it! Wow, did I log some hours trying different
>     combinations, but didn't get that one and you also helped by
>     suggesting I turn off enc logging, now my logs are more helpful,
>     before they always ended in "dropped rate-limiting" so really
>     weren't telling me much.
>
>     Interestingly, both the connected devices now have the same
>     virtual ip 10.254.0.1/32 <http://10.254.0.1/32>, but both seem to
>     be working fine and the 2 devices never need to talk directly to
>     one another, so maybe all the devices can use/assign the same ip
>     address for the client's tunnel? Is that a common way to run?
>
>     andrew
>
>     On 4/24/15 11:36 AM, Miroslav Svoboda wrote:
>>     This is the problem:
>>     Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA
>>     for peer 'actmobile' due to uniqueness policy
>>
>>     Look for config option "uniqueids" here:
>>     https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection
>>
>>     M.
>>
>>     Miroslav Svoboda | +420 608 224 486 <tel:%2B420%20608%20224%20486>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150424/5db66af8/attachment.html>

More information about the Users mailing list