[strongSwan] why multiple SAs for one peer?
Victor Sudakov
vas at sibptus.ru
Wed Nov 18 12:38:50 CET 2020
Tobias Brunner wrote:
> Hi Victor,
>
> > What's the reason for strongSwan to create (sometimes) multiple SAs for
> > a single peer?
>
> Could be a misconfiguration, like combining trap policies with
> reauthentication (see [1]). Without the information Noel requested we
> really can't tell more, though.

If it's a misconfiguration, then something must be wrong in the
configuration file, right? I've already posted the configuration file
and I'm happy to do that again:
=========================================
config setup
        charondebug=""
conn %default
        auto=route
        reauth = no
conn officeru3
        authby=secret
        dpddelay=10s
        dpdaction=restart
        esp=aes128-sha1-modp2048!
        ike=aes128-sha1-modp2048!
        ikelifetime=3h
        lifetime=1h
        keyexchange=ikev2
        type=transport
        left=x.x.x.x
        right=y.y.y.y
        leftprotoport=47
        rightprotoport=47
conn officeru4
        also = officeru3
        right=z.z.z.z
=========================================
There are more peers like "officeru4" down the config.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
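
An added example (not part of the original message, and not strongSwan code): a small Python check that resolves `%default` and `also=` inheritance in an ipsec.conf and lists the conns that combine `auto=route` (trap policies) with reauthentication, the combination named in the quoted reply. It assumes `reauth` counts as enabled unless set to `no`, and that a conn's own keys override `also=`, which overrides `%default`; the embedded config is an abbreviated copy of the one posted above.

```python
import re

# Abbreviated copy of the posted config (addresses are the post's placeholders).
POSTED_CONF = """\
config setup
    charondebug=""
conn %default
    auto=route
    reauth = no
conn officeru3
    keyexchange=ikev2
    type=transport
    left=x.x.x.x
    right=y.y.y.y
conn officeru4
    also = officeru3
    right=z.z.z.z
"""

def parse(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"(config|conn|ca)\s+(\S+)", line)
        if header:  # only conn sections are collected
            is_conn = header.group(1) == "conn"
            current = conns.setdefault(header.group(2), {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return conns

def effective(conns, name, seen=()):
    """Assumed precedence: %default, then the also= parent, then own keys."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = conns[name]
    merged = dict(conns.get("%default", {}))
    if "also" in own:
        merged.update(effective(conns, own["also"], seen + (name,)))
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged

def trap_with_reauth(conns):
    """Conns using auto=route while reauth is not 'no' (assumed default: yes)."""
    effs = {n: effective(conns, n) for n in conns if n != "%default"}
    return [n for n, e in effs.items()
            if e.get("auto") == "route" and e.get("reauth", "yes") != "no"]

if __name__ == "__main__":
    print(trap_with_reauth(parse(POSTED_CONF)))
```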