[strongSwan] Dublicated SA
korsar182 at gmail.com
korsar182 at gmail.com
Thu Feb 27 16:48:33 CET 2020
Hello,
I am using IPSec in transport mode to connect my networks.
My settings:
ipsec.conf
conn %default
auto=add
left=1.1.1.1
ike=aes256gcm16-sha2_256-ecp521,aes256-sha1-sha2_256-modp1024-ecp521
esp=aes256gcm16-ecp521,aes256ctr-sha2_256-ecp521
rekey=no
dpdaction=clear
fragmentation=yes
keyexchange=ikev2
type=tunnel
leftauth=pubkey
rightauth=pubkey
leftcert=server.crt
leftsendcert=always
authby=pubkey
reauth=no
conn transport
type=transport
leftprotoport=udp/l2tp
rightprotoport=udp/%any
How I can prevent install dublicated SA?
swanctl -l:
transport: #307, ESTABLISHED, IKEv2, 33d5b4f621c1d7e4_i 6b766489df4e6be8_r*
local 'CN=' @ 1.1.1.1[4500]
remote 'C=' @ 2.2.2.2[4500]
AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_521
established 1565s ago
transport: #2833, reqid 292, REKEYED, TRANSPORT,
ESP:AES_CTR-256/HMAC_SHA2_256_128
installed 1565s ago
in c60e9eaf, 597320317 bytes, 438354 packets, 0s ago
out 0c7fcef1, 24187646 bytes, 240074 packets, 7s ago
local 1.1.1.1/32[udp/l2f]
remote 2.2.2.2/32[udp/l2f]
transport: #3035, reqid 292, INSTALLED, TRANSPORT,
ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
installed 108s ago
in c282733a, 0 bytes, 0 packets, 5s ago
out 08735373, 0 bytes, 0 packets
local 1.1.1.1/32[udp/l2f]
remote 2.2.2.2/32[udp/l2f]
transport: #3038, reqid 292, INSTALLED, TRANSPORT,
ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
installed 93s ago
in c5aaccad, 0 bytes, 0 packets, 5s ago
out 0b9a47ee, 0 bytes, 0 packets
local 1.1.1.1/32[udp/l2f]
remote 2.2.2.2/32[udp/l2f]
transport: #3043, reqid 292, INSTALLED, TRANSPORT,
ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
installed 72s ago
in cb17dcf3, 0 bytes, 0 packets, 5s ago
out 04ccf002, 0 bytes, 0 packets
local 1.1.1.1/32[udp/l2f]
remote 2.2.2.2/32[udp/l2f]
transport: #3049, reqid 292, INSTALLED, TRANSPORT,
ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
installed 44s ago
in c0ed0e45, 0 bytes, 0 packets, 5s ago
out 01d6f597, 0 bytes, 0 packets
local 1.1.1.1/32[udp/l2f]
remote 2.2.2.2/32[udp/l2f]
transport: #3052, reqid 292, INSTALLED, TRANSPORT,
ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
installed 27s ago
in c2a82d3b, 0 bytes, 0 packets, 5s ago
out 0753eda2, 0 bytes, 0 packets
local 1.1.1.1/32[udp/l2f]
remote 2.2.2.2/32[udp/l2f]
transport: #3058, reqid 292, INSTALLED, TRANSPORT,
ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
installed 8s ago
in cd035006, 0 bytes, 0 packets, 5s ago
out 0e360563, 0 bytes, 0 packets
local 1.1.1.1/32[udp/l2f]
remote 2.2.2.2/32[udp/l2f]
More information about the Users
mailing list