Source: strongswan Version: 5.0.4-3 Severity: wishlist Hello Yves-Alexis and Rene, per private email discussion you asked that I submit feature requests through the BTS.
Please enable the ‘duplicheck’ plugin. This plugin is a more specialized form of the ‘uniqueids’ feature for detecting duplicate identities. This plugin is marked as stable according to the PluginList¹ wiki and doesn't require any additional build dependencies. You may want to add charon.plugins.duplicheck.enable = no to strongswan.conf since this plugin is enabled by default. In my environment I kept seeing duplicate IKE_SA's until I enabled this plugin. Strange behavior could have something to do with bugs with routed transport mode, IPsec over 6in4 tunnels with varrying MTUs, and dropped fragmented packets during SA establishment. ¹ https://wiki.strongswan.org/projects/strongswan/wiki/PluginList -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.9-0.bpo.1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash -- Gerald Turner Email: gtur...@unzane.com JID: gtur...@unzane.com GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5
pgp2gu1_Io9sH.pgp
Description: PGP signature