[strongSwan] Duplicate checking: duplicheck and uniqueids not working
Tiago Vasconcelos
tiago.o.vasconcelos at gmail.com
Mon Jul 27 19:52:05 CEST 2015
Hi Tobias
> Please read the description of the duplicheck plugin's behavior on its
> wiki page [1]. It's most likely not what you want.
Perhaps I'm missing something fundamental, but from what I can read on
that wiki page, the purpose of the duplicheck plugin is to prevent the
duplicate IKE_SAs I'm getting.
> Hard to tell without logs. But since the daemon is multi-threaded, not
> all duplicates are currently resolved. If two peers concurrently
> establish SAs to each other duplicate SAs are quite likely. Due to the
> reqid changes in 5.3.x such duplicates shouldn't be much of an issue
> anymore though.
I reduced the number of duplicates by fixing the remote strongSwan's
config (still a 4.6, while the local strongSwan is a 5.3.2) which had
add=start. But this has not completely eliminated the duplicates.
Glad to know that, from 5.3.x onwards duplicates are not an issue.
Thanks,
Tiago
More information about the Users
mailing list