[strongSwan] Strongswan part of Ubuntu 18.04 LTS = Duplicate client IPs.. and same for Ubuntu 20.04 LTS

Tobias Brunner tobias at strongswan.org
Tue Dec 1 14:58:01 CET 2020

Hi Magnus,

> root at vpn:~# ipsec leases
> Leases in pool '', usage: 1/31, 1 online
>   online   ‘/userid/'
> root at vpn:~#

This output makes no sense if three clients are concurrently connected
(online leases are not reassigned).  Check the output of `ipsec
statusall`, are there really three clients online (with duplicate
traffic selectors)?  Or do you have uniqueids enabled and clients just
got the same offline lease assigned after the existing IKE_SA was closed
(check the log)?

> *If I change:*
> *rightsourceip=*
> *to:*
> rightsourceip=
> The VPN server then hands out unique IPs in both 18.04 LTS and 20.04 LTS

That makes even less sense because other than how the address pool is
constructed (i.e. how the size and base address are determined) there is
no difference in the implementation.  There is even a unit test that
uses the same identity to request multiple (different) addresses from a
range-based address pool.


More information about the Users mailing list