[strongSwan] Strongswan part of Ubuntu 18.04 LTS = Duplicate client IPs.. and same for Ubuntu 20.04 LTS
Tobias Brunner
tobias at strongswan.org
Tue Dec 1 14:58:01 CET 2020
Hi Magnus,
> root at vpn:~# ipsec leases
> Leases in pool '10.0.214.220-10.0.214.250', usage: 1/31, 1 online
> 10.0.214.220 online ‘/userid/'
> root at vpn:~#
This output makes no sense if three clients are concurrently connected
(online leases are not reassigned). Check the output of `ipsec
statusall`, are there really three clients online (with duplicate
traffic selectors)? Or do you have uniqueids enabled and clients just
got the same offline lease assigned after the existing IKE_SA was closed
(check the log)?
> *If I change:*
> *rightsourceip=10.0.214.220-10.0.214.250*
>
> *to:*
> rightsourceip=10.0.214.0/24
>
> The VPN server then hands out unique IPs in both 18.04 LTS and 20.04 LTS
That makes even less sense because other than how the address pool is
constructed (i.e. how the size and base address are determined) there is
no difference in the implementation. There is even a unit test that
uses the same identity to request multiple (different) addresses from a
range-based address pool.
Regards,
Tobias
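Added example, not part of the original message and not strongSwan code: a simplified Python model of the lease behaviour described above, where a range and a CIDR pool differ only in how base and size are derived, online leases are never handed out twice, and an identity gets its own offline lease back after reconnecting. The `LeasePool` class, skipping the network and broadcast addresses in the CIDR form, and returning `None` on exhaustion are assumptions of this model.

```python
import ipaddress


class LeasePool:
    """Toy model of a virtual-IP pool; not strongSwan's implementation."""

    def __init__(self, spec):
        if "-" in spec:
            # Range form: base is the first address, size counts both ends.
            first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
            self.base, self.size = first, int(last) - int(first) + 1
        else:
            # CIDR form. Assumption of this model: network and broadcast
            # addresses are skipped when the subnet has more than 2 addresses.
            net = ipaddress.ip_network(spec)
            skip = 1 if net.num_addresses > 2 else 0
            self.base = net.network_address + skip
            self.size = net.num_addresses - 2 * skip
        self.online = {}    # offset -> identity currently holding the lease
        self.offline = {}   # identity -> offsets it held before disconnecting
        self.next_unused = 0

    def acquire(self, identity):
        """Return an address for identity, or None if nothing is free."""
        if self.offline.get(identity):
            offset = self.offline[identity].pop()   # reuse own offline lease
        elif self.next_unused < self.size:
            offset = self.next_unused               # never an online lease
            self.next_unused += 1
        else:
            return None
        self.online[offset] = identity
        return str(self.base + offset)

    def release(self, address):
        """Mark a lease offline, e.g. after the IKE_SA was closed."""
        offset = int(ipaddress.ip_address(address)) - int(self.base)
        identity = self.online.pop(offset)
        self.offline.setdefault(identity, []).append(offset)


if __name__ == "__main__":
    for spec in ("10.0.214.220-10.0.214.250", "10.0.214.0/24"):
        pool = LeasePool(spec)
        leases = [pool.acquire("/userid/") for _ in range(3)]
        print(spec, "size", pool.size, "->", leases)
        pool.release(leases[0])
        print("  after reconnect:", pool.acquire("/userid/"))
```

In this model, three concurrent clients with the same identity always show up as three online leases, so a single online lease for one identity means the earlier lease was released first.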