[strongSwan] why multiple SAs for one peer?

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Nov 18 10:39:59 CET 2020


Hello Victor,

Please provide a log as shown on the HelpRequests[1] page.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

Am 13.11.20 um 04:13 schrieb Victor Sudakov:
> Dear Colleagues,
> 
> What's the reason for strongSwan to create (sometimes) multiple SAs for
> a single peer? Please see the example below where the "officeru3" peer
> looks fine to me while the "officeru4" peer has an extraneous SA.
> 
> root at tunn:~# ipsec status | grep officeru3
>    officeru3{2}:  ROUTED, TRANSPORT, reqid 2
>    officeru3{2}:   x.x.x.x/32[gre] === y.y.y.y/32[gre]
>    officeru3[27]: ESTABLISHED 108 minutes ago, x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
>    officeru3{83}:  INSTALLED, TRANSPORT, reqid 2, ESP in UDP SPIs: c1f542b3_i 0e4df460_o
>    officeru3{83}:   x.x.x.x/32[gre] === y.y.y.y/32[gre]
> root at tunn:~# 
> root at tunn:~# ipsec status | grep officeru4
>    officeru4{3}:  ROUTED, TRANSPORT, reqid 3
>    officeru4{3}:   x.x.x.x/32[gre] === z.z.z.z/32[gre]
>    officeru4[30]: ESTABLISHED 60 minutes ago, x.x.x.x[x.x.x.x]...z.z.z.z[z.z.z.z]
>    officeru4{82}:  INSTALLED, TRANSPORT, reqid 3, ESP in UDP SPIs: c50d4bb3_i 0f33c281_o
>    officeru4{82}:   x.x.x.x/32[gre] === z.z.z.z/32[gre]
>    officeru4[28]: ESTABLISHED 106 minutes ago, x.x.x.x[x.x.x.x]...z.z.z.z[z.z.z.z]
>    officeru4{84}:  INSTALLED, TRANSPORT, reqid 3, ESP in UDP SPIs: c02ebd2f_i 0a5e786d_o
>    officeru4{84}:   x.x.x.x/32[gre] === z.z.z.z/32[gre]
> root at tunn:~# 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20201118/4504727f/attachment.sig>


More information about the Users mailing list