[strongSwan] connecting identities get always the same ip from sql-pool

Tobias Brunner tobias at strongswan.org
Mon Mar 19 16:17:50 CET 2018

Hi Mike,

> But after disconnecting, waiting 15 seconds and connecting again in the
> reversed order, each roadwarrior get the ip as it got in the first
> connection order.

Offline leases for the same identity are reused (you see "acquired
existing lease for address ... in pool '...'" in the log).  They are
also listed in `ipsec pool --leases` (first as `valid`, then as
`expired`).  The timeout is used to reassign expired/unassigned leases
if no offline lease is found.

> Is there a way to disable the address to identity binding?

No, currently not.


More information about the Users mailing list