[strongSwan] roadwarrior IKEv2 PSK reauthentication issue

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Jun 8 14:52:30 CEST 2017



On 07.06.2017 11:31, Lars Alex Pedersen wrote:
> I got about 100 RW clients that are connecting to a pfsense 2.2.6 and are
> seeing something odd when the clients are reauthenticating IKE_SA. Can
> anybody tell why two different virtual IP's are received within 1 second? On
> the pfsense side I see that the same two roadwarriors are "fighting" between
> the two virtuel ip's, so if one gets 10.75.4.75 the other will get
> 10.75.4.54.

What's your ipsec.conf and the current pool status (`ipsec stroke leases`)?
If you can, use make_before_break in strongswan.conf.

Kind regards

Noel

---
Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170608/e30dbf48/attachment.sig>


More information about the Users mailing list