[strongSwan] Multiple Child SA after only 14 minutes
Tom Rymes
trymes at rymes.com
Mon Feb 9 19:11:31 CET 2015
I am having some connectivity issues and I am not certain if this is a
symptom or the cause. On one of my machines I see the following:
[root at hudson ~]# ipsec status
Routed Connections:
Data{1}: ROUTED, TUNNEL
Data{1}: 192.168.0.0/21 === 10.100.0.0/23
Security Associations (1 up, 0 connecting):
Data[6]: ESTABLISHED 14 minutes ago, 50.255.159.181[C=US,
ST=XX, O=something, OU=Some Dept,
CN=hostname.domain.dom]...XX.YY.ZZ.XX[C=US, ST=XX, O=something, OU=Some
Dept, CN=domain.dom]
Data{1}: INSTALLED, TUNNEL, ESP SPIs: c7efeef8_i c583fdba_o,
IPCOMP CPIs: bf58_i c959_o
Data{1}: 192.168.0.0/21 === 10.100.0.0/23
Data{1}: INSTALLED, TUNNEL, ESP SPIs: c5f5025b_i cfeb18ba_o,
IPCOMP CPIs: 0a35_i d9e7_o
Data{1}: 192.168.0.0/21 === 10.100.0.0/23
Data{1}: INSTALLED, TUNNEL, ESP SPIs: c0f0123d_i c9452af2_o,
IPCOMP CPIs: 5026_i cc69_o
Data{1}: 192.168.0.0/21 === 10.100.0.0/23
Why are there three Child SAs installed if the tunnel has only been up
for 14 minutes and ikelifetime=8h and keylife=1h?
Tom
More information about the Users
mailing list