[strongSwan] why multiple SAs for one peer?
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Nov 18 10:39:59 CET 2020
Hello Victor,
Please provide a log as shown on the HelpRequests[1] page.
Kind regards
Noel
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
Am 13.11.20 um 04:13 schrieb Victor Sudakov:
> Dear Colleagues,
>
> What's the reason for strongSwan to create (sometimes) multiple SAs for
> a single peer? Please see the example below where the "officeru3" peer
> looks fine to me while the "officeru4" peer has an extraneous SA.
>
> root at tunn:~# ipsec status | grep officeru3
> officeru3{2}: ROUTED, TRANSPORT, reqid 2
> officeru3{2}: x.x.x.x/32[gre] === y.y.y.y/32[gre]
> officeru3[27]: ESTABLISHED 108 minutes ago, x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
> officeru3{83}: INSTALLED, TRANSPORT, reqid 2, ESP in UDP SPIs: c1f542b3_i 0e4df460_o
> officeru3{83}: x.x.x.x/32[gre] === y.y.y.y/32[gre]
> root at tunn:~#
> root at tunn:~# ipsec status | grep officeru4
> officeru4{3}: ROUTED, TRANSPORT, reqid 3
> officeru4{3}: x.x.x.x/32[gre] === z.z.z.z/32[gre]
> officeru4[30]: ESTABLISHED 60 minutes ago, x.x.x.x[x.x.x.x]...z.z.z.z[z.z.z.z]
> officeru4{82}: INSTALLED, TRANSPORT, reqid 3, ESP in UDP SPIs: c50d4bb3_i 0f33c281_o
> officeru4{82}: x.x.x.x/32[gre] === z.z.z.z/32[gre]
> officeru4[28]: ESTABLISHED 106 minutes ago, x.x.x.x[x.x.x.x]...z.z.z.z[z.z.z.z]
> officeru4{84}: INSTALLED, TRANSPORT, reqid 3, ESP in UDP SPIs: c02ebd2f_i 0a5e786d_o
> officeru4{84}: x.x.x.x/32[gre] === z.z.z.z/32[gre]
> root at tunn:~#
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20201118/4504727f/attachment.sig>
More information about the Users
mailing list