[strongSwan] having issue while establishing tunnel with public key authentication mode

Tobias Brunner tobias at strongswan.org
Thu Jan 17 15:22:19 CET 2019

Hi Yogesh,

> I have two ends of site to site VPN where both are configured with
> strongswan and version IKEv1.

Please use IKEv2 if you have strongSwan on both sides, no reason to use
a deprecated protocol.

> Is it normal behavior of strongswan, that we can establish only one
> tunnel at a time on the same machine using same certificate(RSA) ?
> Or what is the expected behavior in this case ?  

Yes, this is the default behavior, a single IKE_SA per pair of
identities.  Have a look at the uniqueids option (or unique in


More information about the Users mailing list