[strongSwan] roadwarrior IKEv2 PSK reauthentication issue
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Jun 8 14:52:30 CEST 2017
On 07.06.2017 11:31, Lars Alex Pedersen wrote:
> I got about 100 RW clients that are connecting to a pfsense 2.2.6 and are
> seeing something odd when the clients are reauthenticating IKE_SA. Can
> anybody tell why two different virtual IP's are received within 1 second? On
> the pfsense side I see that the same two roadwarriors are "fighting" between
> the two virtuel ip's, so if one gets 10.75.4.75 the other will get
> 10.75.4.54.
What's your ipsec.conf and the current pool status (`ipsec stroke leases`)?
If you can, use make_before_break in strongswan.conf.
Kind regards
Noel
---
Noel Kuntze
IT security consultant
GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170608/e30dbf48/attachment.sig>
More information about the Users
mailing list