[strongSwan] Duplicate checking: duplicheck and uniqueids not working

Tiago Vasconcelos tiago.o.vasconcelos at gmail.com
Mon Jul 27 19:52:05 CEST 2015

Hi Tobias

 > Please read the description of the duplicheck plugin's behavior on its
> wiki page  [1].  It's most likely not what you want.

Perhaps I'm missing something fundamental, but from what I can read on 
that wiki page, the purpose of the duplicheck plugin is to prevent the 
duplicate IKE_SAs I'm getting.

> Hard to tell without logs.  But since the daemon is multi-threaded, not
> all duplicates are currently resolved.  If two peers concurrently
> establish SAs to each other duplicate SAs are quite likely.  Due to the
> reqid changes in 5.3.x such duplicates shouldn't be much of an issue
> anymore though.

I reduced the number of duplicates by fixing the remote strongSwan's 
config (still a 4.6, while the local strongSwan is a 5.3.2) which had 
add=start. But this has not completely eliminated the duplicates.

Glad to know that, from 5.3.x onwards duplicates are not an issue.


More information about the Users mailing list