[strongSwan] Duplicate checking: duplicheck and uniqueids not working

Tobias Brunner tobias at strongswan.org
Tue Jul 28 10:24:30 CEST 2015

Hi Tiago,

> Perhaps I'm missing something fundamental, but from what I can read on 
> that wiki page, the purpose of the duplicheck plugin is to prevent the 
> duplicate IKE_SAs I'm getting.

Not exactly:  If a duplicate is found the plugin will attempt to delete
the old IKE_SA.  If that succeeds, not only is the old SA deleted, the
plugin explicitly also deletes the new IKE_SA (and sends a notification
via a UNIX socket).  So you end up without any SAs in that case, which
is probably not what you want (the plugin was created for a customer, it
is not really intended for general use).


More information about the Users mailing list