[strongSwan] roadwarriors and duplicate LAN subnets

Oleksandr Tkachenko Oleksandr.Tkachenko at diceus.com
Fri Mar 20 11:56:54 CET 2020


Hello,
I use a strongSwan roadwarrior setup. It works well, but when my employees connect from the same internal IP addresses they get disconnected:
charon: 07[CFG] detected duplicate IKE_SA for '192.168.0.105', triggering delete for old IKE_SA
charon: 13[CFG] got a response on a duplicate IKE_SA for '192.168.0.105', deleting new IKE_SA
charon: 13[IKE] IKE_SA deleted
charon: 05[IKE] deleting IKE_SA IKEv2-tunnel[344] between 1.1.1.1[1.1.1.1]...2.2.2.2[192.168.0.105]

ipsec.conf:
config setup
        charondebug="all"
        uniqueids=no
        strictcrlpolicy=no
conn %default
        auto=route
        left=1.1.1.1
        leftcert=1.1.1.1.crt
        leftauth=pubkey
        leftsendcert=always
        rekey=no
        dpdaction=clear
        keyexchange=ikev2
        type=tunnel
conn IKEv2-tunnel
  rightauth=eap-radius
  eap_identity=%any
  rightsourceip=10.0.0.0/24
  rightsendcert=never

Could you please help me?