[strongSwan] Handling of overlapping tunnel establishment

Joern Mewes joern.mewes at gmx.net
Thu Jul 30 18:04:15 CEST 2015 

Hi Tobias,

Thanks for your response.

> Stating this without also providing the reason for it (or at least a
> log) makes it hard to help you.  If you are getting errors related to
> reqids when the daemon attempts to install the IPsec policies, you
> should update to 5.3.x.

Let me attach a charon.log we took as we replicated the issue. I see
several messages like these:

Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0
=== 0.0.0.0/0 out (mark 0/0x00000000) for reqid 2, the
same policy for reqid 1 exists
Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0
=== 0.0.0.0/0 in (mark 0/0x00000000) for reqid 2, the
same policy for reqid 1 exists
Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0
=== 0.0.0.0/0 fwd (mark 0/0x00000000) for reqid 2, the
same policy for reqid 1 exists
Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0
=== 0.0.0.0/0 out (mark 0/0x00000000) for reqid 2, the
same policy for reqid 1 exists
Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0
=== 0.0.0.0/0 in (mark 0/0x00000000) for reqid 2, the
same policy for reqid 1 exists
Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0
=== 0.0.0.0/0 fwd (mark 0/0x00000000) for reqid 2, the
same policy for reqid 1 exists
Jul 30 17:35:59 03[IKE] <srxgw|1> unable to install IPsec policies
(SPD) in kernel


Are these the messages you were referring to?

Br,
Joern

2015-07-30 17:19 GMT+02:00 Tobias Brunner <tobias at strongswan.org>:
> Hi Joern,
>
>> Immediately strongswan deletes Child SA of its own initiated tunnel
>
> Stating this without also providing the reason for it (or at least a
> log) makes it hard to help you.  If you are getting errors related to
> reqids when the daemon attempts to install the IPsec policies, you
> should update to 5.3.x.
>
> Regards,
> Tobias
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: charon.log
Type: application/octet-stream
Size: 25703 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150730/0d90055c/attachment-0001.obj>

More information about the Users mailing list