[strongSwan] Duplicate checking: duplicheck and uniqueids not working
Tiago Vasconcelos
tiago.o.vasconcelos at gmail.com
Sun Jul 26 10:34:00 CEST 2015

I'm getting duplicate SAs:

Routed Connections:
         nyc{1}:  ROUTED, TUNNEL, reqid 1
         nyc{1}:   10.71.4.0/24 === 172.30.98.0/25
Security Associations (1 up, 0 connecting):
         nyc[23]: ESTABLISHED 25 minutes ago, 47.11.120.10[par.xyz.com]...32.254.201.10[nyc.xyz.com]
         nyc{203}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: caa1aee8_i cbea4bcf_o
         nyc{203}:   10.71.4.0/24 === 172.30.98.0/25
         nyc{204}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: ceabd81b_i c4139b82_o
         nyc{204}:   10.71.4.0/24 === 172.30.98.0/25
         nyc{205}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cffa7d5a_i c39ea537_o
         nyc{205}:   10.71.4.0/24 === 172.30.98.0/25
         nyc{206}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c6595d8f_i ca9cee83_o
         nyc{206}:   10.71.4.0/24 === 172.30.98.0/25
         nyc{207}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: ca494b8e_i c9009c65_o
         nyc{207}:   10.71.4.0/24 === 172.30.98.0/25

Even though I have set in ipsec.conf:

    uniqueids=yes

and I have a .conf file inside the strongswan.d directory containing the
following:

    charon {
        plugins {
            duplicheck {
                enable = yes
            }
        }
    }

and in strongswan.conf I have:

    include strongswan.d/*.conf

Why am I still getting duplicates?

For reference, here's my ipsec.conf:

    config setup
        uniqueids=yes

    conn %default
        left=47.11.120.10
        leftsubnet=10.71.4.0/24
        leftid=@par.xyz.com
        leftcert=parcert.pem
        mobike=no
        leftfirewall=yes
        lefthostaccess=yes
        ikelifetime=4h
        lifetime=3h
        dpdaction=restart
        dpddelay=10s

    conn d01
        right=32.254.201.10
        rightid=@nyc.xyz.com
        rightsubnet=172.30.98.0/25,%dynamic
        auto=route

Tiago
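
Added example (not part of the original post and not strongSwan code): a small Python check that reads `ipsec statusall` output like the listing above and reports every traffic-selector pair that is INSTALLED as more than one CHILD_SA under the same connection name. The sample text is constructed from the listing in the post, and the function name `find_duplicate_child_sas` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the listing in the post.
SAMPLE = """\
Routed Connections:
nyc{1}: ROUTED, TUNNEL, reqid 1
nyc{1}: 10.71.4.0/24 === 172.30.98.0/25
Security Associations (1 up, 0 connecting):
nyc[23]: ESTABLISHED 25 minutes ago, 47.11.120.10[par.xyz.com]...32.254.201.10[nyc.xyz.com]
nyc{203}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: caa1aee8_i cbea4bcf_o
nyc{203}: 10.71.4.0/24 === 172.30.98.0/25
nyc{204}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: ceabd81b_i c4139b82_o
nyc{204}: 10.71.4.0/24 === 172.30.98.0/25
"""

# "name{id}: STATE, ..." line that opens a CHILD_SA entry
CHILD_STATE = re.compile(r"^\s*([^\s{]+)\{(\d+)\}:\s+(\w+),")
# "name{id}: local_ts === remote_ts" line that follows it
CHILD_TS = re.compile(r"^\s*([^\s{]+)\{(\d+)\}:\s+(.+?) === (.+?)\s*$")

def find_duplicate_child_sas(status_text):
    """Return {(conn, local_ts, remote_ts): [child ids]} for every
    selector pair that is INSTALLED more than once."""
    installed = set()            # (conn, id) of CHILD_SAs in state INSTALLED
    groups = defaultdict(list)   # selector pair -> CHILD_SA ids
    for line in status_text.splitlines():
        m = CHILD_STATE.match(line)
        if m:
            # ROUTED entries are trap policies, not SAs, so they are skipped.
            if m.group(3) == "INSTALLED":
                installed.add((m.group(1), int(m.group(2))))
            continue
        m = CHILD_TS.match(line)
        if m and (m.group(1), int(m.group(2))) in installed:
            key = (m.group(1), m.group(3), m.group(4))
            groups[key].append(int(m.group(2)))
    return {k: ids for k, ids in groups.items() if len(ids) > 1}

if __name__ == "__main__":
    for (conn, lts, rts), ids in find_duplicate_child_sas(SAMPLE).items():
        print(f"{conn}: {lts} === {rts} installed {len(ids)} times: {ids}")
```
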