[strongSwan] Problem: "unable to install policy -the same policy for reqid XXXX exists "

Sven Anders anders at anduras.de
Fri Nov 23 16:48:51 CET 2018

Am 23.11.18 um 11:11 schrieb Tobias Brunner:
> Hi Sven,
>> We are using strongSwan 5.6.2 on a Linux kernel 4.1.39.
> Try using a newer strongSwan version.

So the problem is known?
Which version should I use at least. Will 5.6.3 be enough or
should I use 5.7.1 instead?

>> The installed policy (in this case) is the following:
>> src dst
>>         dir out priority 379519 ptype main
>>         tmpl src dst
>>                 proto esp spi 0x0f95ddf2 reqid 4388 mode tunnel
> Use the full log to see why it may have been left there.  That log
> snippet you added is not really useful.

There are many request and the log file is very long.
What kind of message do you expect or what should I search for?

>> I already tried to change "auto=add" to "auto=route", which I found in a description
>> of a similar problem, but that changed nothing...
> auto=route makes no sense on a gateway for roadwarriors.

Ok, just read about it in another similar problem and this was one idea
to solve it (the race condition?)...

 Sven Anders

 Sven Anders <anders at anduras.de>                 () UTF-8 Ribbon Campaign
                                                 /\ Support plain text e-mail
 ANDURAS intranet security AG
 Messestrasse 3 - 94036 Passau - Germany
 Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55

Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.
  - Benjamin Franklin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: anders.vcf
Type: text/x-vcard
Size: 339 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181123/cca092d1/attachment.vcf>

More information about the Users mailing list