[strongSwan] duplicate child SAs

Justin Pryzby pryzby at telsasoft.com
Thu Aug 4 17:15:30 CEST 2016

Running strongswan-5.4.0-2.el6.x86_64 on centos6, is this expected ?

New connections to don't work when this happens.

As I understand, uniqueids has to do with IKE SAs.  In any case, it's commented
in my config and therefor =yes.

[pryzbyj at limitlessmobile ~]$ sudo strongswan statusall |grep oss2.limitless
oss2.limitless: child: xxxxxx.208.18/32 === TUNNEL, dpdaction=restart
oss2.limitless{299}: ROUTED, TUNNEL, reqid 3
oss2.limitless{299}: xxxxxx.208.18/32 ===
oss2.limitless{726}: INSTALLED, TUNNEL, reqid 3, ESP SPIs: cc92a8e0_i 863d5428_o
oss2.limitless{726}: AES_CBC_256/HMAC_SHA1_96, 1545796 bytes_i (3539 pkts, 445s ago), 0 bytes_o, rekeying in 7 hours
oss2.limitless{726}: xxxxxx.208.18/32 ===
oss2.limitless{728}: INSTALLED, TUNNEL, reqid 3, ESP SPIs: cee5cf4b_i 74b54166_o
oss2.limitless{728}: AES_CBC_256/HMAC_SHA1_96, 0 bytes_i (0 pkts, 445s ago), 432160 bytes_o (3652 pkts, 2s ago), rekeying in 7 hours
oss2.limitless{728}: xxxxxx.208.18/32 === 


limitless.ike[283]: ESTABLISHED 4 minutes ago, xxxxxx.208.18[xxxxxx.208.18]...xxxxxx.127.52[xxxxxx.127.52]
limitless.ike[283]: IKEv2 SPIs: 7f69cd42c412e78a_i* 73725af73d128cc0_r, pre-shared key reauthentication in 23 hours
limitless.ike[283]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
oss2.limitless{10170}:  INSTALLED, TUNNEL, reqid 3, ESP SPIs: cd4f36b6_i 551b4f53_o
oss2.limitless{10170}:  AES_CBC_256/HMAC_SHA1_96, 2329624 bytes_i (5008 pkts, 59s ago), 168 bytes_o (1 pkt, 36s ago), rekeying in 7 hours
oss2.limitless{10170}:   xxxxxx.208.18/32 ===
oss2.limitless{10173}:  INSTALLED, TUNNEL, reqid 3, ESP SPIs: c7d57753_i 41064833_o
oss2.limitless{10173}:  AES_CBC_256/HMAC_SHA1_96, 0 bytes_i (0 pkts, 59s ago), 593728 bytes_o (4886 pkts, 4s ago), rekeying in 7 hours


More information about the Users mailing list