[strongSwan] roadwarriors and duplicate LAN subnets
Oleksandr Tkachenko
Oleksandr.Tkachenko at diceus.com
Fri Mar 20 11:56:54 CET 2020
Hello,
I use strongswan roadwarrior setup, it works well, but when my employees connect from the same internal IP addresses they receive disconnect:
charon: 07[CFG] detected duplicate IKE_SA for '192.168.0.105', triggering delete for old IKE_SA
charon: 13[CFG] got a response on a duplicate IKE_SA for '192.168.0.105', deleting new IKE_SA
charon: 13[IKE] IKE_SA deleted
charon: 05[IKE] deleting IKE_SA IKEv2-tunnel[344] between 1.1.1.1[1.1.1.1]...2.2.2.2[192.168.0.105]
ipsec.conf:
config setup
charondebug="all"
uniqueids=no
strictcrlpolicy=no
conn %default
auto=route
left=1.1.1.1
leftcert=1.1.1.1.crt
leftauth=pubkey
leftsendcert=always
rekey=no
dpdaction=clear
keyexchange=ikev2
type=tunnel
conn IKEv2-tunnel
rightauth=eap-radius
eap_identity=%any
rightsourceip=10.0.0.0/24
rightsendcert=never
May you, please, help me?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200320/162f9c1c/attachment-0001.html>
More information about the Users
mailing list