[strongSwan] Duplicate checking: duplicheck and uniqueids not working
tobias at strongswan.org
Tue Jul 28 10:24:30 CEST 2015
> Perhaps I'm missing something fundamental, but from what I can read on
> that wiki page, the purpose of the duplicheck plugin is to prevent the
> duplicate IKE_SAs I'm getting.
Not exactly: If a duplicate is found the plugin will attempt to delete
the old IKE_SA. If that succeeds, not only is the old SA deleted, the
plugin explicitly also deletes the new IKE_SA (and sends a notification
via a UNIX socket). So you end up without any SAs in that case, which
is probably not what you want (the plugin was created for a customer, it
is not really intended for general use).
More information about the Users