[strongSwan] problem with identical local peers addresses of two clients

Hendl Stephan stephan.hendl at landtag.brandenburg.de
Thu Jan 24 16:37:00 CET 2019

Hi Tobias,

> exchange).  Did you try if it makes a difference if you let the IKE
> daemon do an EAP-Identity exchange first (configure eap_identity=%any)?

We gave it a try but unfortunately without success. We also changed to PEAP
with certificates (PEAP (EAP-TLS)) but Windows uses the same procedure and
took the local IP address in the IKE_SA.

charon: 14[IKE] IKE_SA ikev2-LTV-VPN_EDV[6] established between a.b.c.d[CN=name.domain]...[]

So I guess there is no other way to avoid this behavior than keeping in mind
that having the same local IP addresses in more than at least two clients is
forbidden. Right?


