[strongSwan] Problem: "unable to install policy -the same policy for reqid XXXX exists "
Sven Anders
anders at anduras.de
Fri Nov 23 16:48:51 CET 2018
Am 23.11.18 um 11:11 schrieb Tobias Brunner:
> Hi Sven,
>
>> We are using strongSwan 5.6.2 on a Linux kernel 4.1.39.
>
> Try using a newer strongSwan version.
So the problem is known?
Which version should I use at least. Will 5.6.3 be enough or
should I use 5.7.1 instead?
>> The installed policy (in this case) is the following:
>>
>> src 10.0.0.0/8 dst 192.168.3.67/32
>> dir out priority 379519 ptype main
>> tmpl src 217.6.20.66 dst 84.160.101.118
>> proto esp spi 0x0f95ddf2 reqid 4388 mode tunnel
>
> Use the full log to see why it may have been left there. That log
> snippet you added is not really useful.
There are many request and the log file is very long.
What kind of message do you expect or what should I search for?
>> I already tried to change "auto=add" to "auto=route", which I found in a description
>> of a similar problem, but that changed nothing...
>
> auto=route makes no sense on a gateway for roadwarriors.
Ok, just read about it in another similar problem and this was one idea
to solve it (the race condition?)...
Regards
Sven Anders
--
Sven Anders <anders at anduras.de> () UTF-8 Ribbon Campaign
/\ Support plain text e-mail
ANDURAS intranet security AG
Messestrasse 3 - 94036 Passau - Germany
Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55
Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.
- Benjamin Franklin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: anders.vcf
Type: text/x-vcard
Size: 339 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181123/cca092d1/attachment.vcf>
More information about the Users
mailing list