[strongSwan] How to allow several connections for each user simultaneously ?
Dongsheng Song
dongsheng.song at gmail.com
Sun Jan 25 04:07:44 CET 2015
Hi,
I use strongSwan 5.2.1, and it only works with one connection per user
simultaneously. I had set 'uniqueids' to 'never', but no luck. Here is
my configuration:
$ cat /etc/ipsec.conf
config setup
    uniqueids=never

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn default
    leftsubnet=0.0.0.0/0
    leftid=@songdongsheng.info
    leftcert=ipsecCert.cer
    leftauth=pubkey
    rightsourceip=10.1.1.0/24
    rightsubnet=10.1.1.0/24
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    auto=add
$ cat /etc/strongswan.conf
charon {
    load_modular = yes
    dns1 = 192.168.30.248
    dns2 = 8.8.8.8
    plugins {
        include strongswan.d/charon/*.conf
        duplicheck.enable = no
    }
}
The server log said:
...
2015-01-25T11:03:39.466969+08:00 charon: 06[CFG] unable to install policy 0.0.0.0/0 === 10.1.1.0/24 out (mark 0/0x00000000) for reqid 29, the same policy for reqid 28 exists
2015-01-25T11:03:39.466978+08:00 charon: 06[CFG] unable to install policy 10.1.1.0/24 === 0.0.0.0/0 in (mark 0/0x00000000) for reqid 29, the same policy for reqid 28 exists
2015-01-25T11:03:39.466982+08:00 charon: 06[CFG] unable to install policy 10.1.1.0/24 === 0.0.0.0/0 fwd (mark 0/0x00000000) for reqid 29, the same policy for reqid 28 exists
2015-01-25T11:03:39.466989+08:00 charon: 06[CFG] unable to install policy 0.0.0.0/0 === 10.1.1.0/24 out (mark 0/0x00000000) for reqid 29, the same policy for reqid 28 exists
2015-01-25T11:03:39.467001+08:00 charon: 06[CFG] unable to install policy 10.1.1.0/24 === 0.0.0.0/0 in (mark 0/0x00000000) for reqid 29, the same policy for reqid 28 exists
2015-01-25T11:03:39.467004+08:00 charon: 06[CFG] unable to install policy 10.1.1.0/24 === 0.0.0.0/0 fwd (mark 0/0x00000000) for reqid 29, the same policy for reqid 28 exists
2015-01-25T11:03:39.467011+08:00 charon: 06[IKE] unable to install IPsec policies (SPD) in kernel
2015-01-25T11:03:39.467029+08:00 charon: 06[IKE] failed to establish CHILD_SA, keeping IKE_SA
2015-01-25T11:03:39.467052+08:00 charon: 06[KNL] deleting policy 0.0.0.0/0 === 10.1.1.0/24 out failed, not found
2015-01-25T11:03:39.467061+08:00 charon: 06[KNL] deleting policy 10.1.1.0/24 === 0.0.0.0/0 in failed, not found
2015-01-25T11:03:39.467063+08:00 charon: 06[KNL] deleting policy 10.1.1.0/24 === 0.0.0.0/0 fwd failed, not found
2015-01-25T11:03:39.467066+08:00 charon: 06[KNL] deleting policy 0.0.0.0/0 === 10.1.1.0/24 out failed, not found
2015-01-25T11:03:39.467080+08:00 charon: 06[KNL] deleting policy 10.1.1.0/24 === 0.0.0.0/0 in failed, not found
2015-01-25T11:03:39.467084+08:00 charon: 06[KNL] deleting policy 10.1.1.0/24 === 0.0.0.0/0 fwd failed, not found
2015-01-25T11:03:39.467122+08:00 charon: 06[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(TS_UNACCEPT) ]
...
Thanks,
Dongsheng
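
Added example, not part of the original post and not strongSwan code: a small parser that groups the duplicate-policy failures in a charon log by the rejected and the existing reqid, which makes it visible that both connections asked for the same traffic selectors. The sample lines are copied from the log above with the e-mail wrapping undone; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the post above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
2015-01-25T11:03:39.466969+08:00 charon: 06[CFG] unable to install policy 0.0.0.0/0 === 10.1.1.0/24 out (mark 0/0x00000000) for reqid 29, the same policy for reqid 28 exists
2015-01-25T11:03:39.466978+08:00 charon: 06[CFG] unable to install policy 10.1.1.0/24 === 0.0.0.0/0 in (mark 0/0x00000000) for reqid 29, the same policy for reqid 28 exists
2015-01-25T11:03:39.466982+08:00 charon: 06[CFG] unable to install policy 10.1.1.0/24 === 0.0.0.0/0 fwd (mark 0/0x00000000) for reqid 29, the same policy for reqid 28 exists
2015-01-25T11:03:39.467011+08:00 charon: 06[IKE] unable to install IPsec policies (SPD) in kernel
2015-01-25T11:03:39.467029+08:00 charon: 06[IKE] failed to establish CHILD_SA, keeping IKE_SA
"""

# Matches the [CFG] message format seen in the log above.
CONFLICT = re.compile(
    r"unable to install policy (?P<src>\S+) === (?P<dst>\S+) (?P<dir>in|out|fwd) "
    r"\(mark (?P<mark>\S+)\) for reqid (?P<new>\d+), "
    r"the same policy for reqid (?P<old>\d+) exists")


def policy_conflicts(log_text):
    """Return {(rejected_reqid, existing_reqid): sorted [(src, dst, direction)]}."""
    conflicts = defaultdict(set)
    for line in log_text.splitlines():
        m = CONFLICT.search(line)
        if m:
            key = (int(m["new"]), int(m["old"]))
            # A set collapses the repeated attempts logged for the same policy.
            conflicts[key].add((m["src"], m["dst"], m["dir"]))
    return {k: sorted(v) for k, v in conflicts.items()}


def child_sa_failed(log_text):
    """True if the log records that the CHILD_SA could not be established."""
    return "failed to establish CHILD_SA" in log_text


if __name__ == "__main__":
    for (new, old), policies in policy_conflicts(SAMPLE_LOG).items():
        print(f"reqid {new} rejected: selectors already held by reqid {old}")
        for src, dst, direction in policies:
            print(f"  {direction:3} {src} === {dst}")
    print("CHILD_SA failed:", child_sa_failed(SAMPLE_LOG))
```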