Hi,

in the last few days we switched to IKEv2 connections.
Now we often have more than two tunnels for the same connection.
Is this a config problem? Or is it a normal behavior?

Thanks!
Nicole

ipsec statusall output:

ffm02fw-bonn:  1.2.3.4[ffm02fw]...4.3.2.1[bonn]
ffm02fw-bonn:  CAs: "C=DE, ST=Hessen, L=Frankfurt, O=Test, OU=IT-Abteilung, CN=RootCA ?c? Test DE, e=t...@test.de"...%any
ffm02fw-bonn:  public key authentication
ffm02fw-bonn:    192.168.5.0/24 === 192.168.48.0/21
grontmij-bonn:    10.0.0.0/8 === 192.168.48.0/21

ffm02fw-bonn[10]: ESTABLISHED 49710 days, 1.2.3.4[ffm02fw]...4.3.2.1[bonn]
ffm02fw-bonn[10]: IKE SPIs: a16097650bd86a4a_i* c9388e1030cba532_r, public key reauthentication in 2 hours
ffm02fw-bonn[10]: IKE proposal: AES_CBC-128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048_BIT
ffm02fw-bonn{22}:  INSTALLED, TUNNEL, ESP SPIs: ceddf20e_i c0767698_o
ffm02fw-bonn{22}:  AES_CBC-128/HMAC_SHA1_96, rekeying in 36 minutes, last use: no_i no_o
ffm02fw-bonn{22}:   192.168.5.0/24 === 192.168.48.0/21
grontmij-bonn{29}:  INSTALLED, TUNNEL, ESP SPIs: c8039e93_i c1b39a5b_o
grontmij-bonn{29}:  AES_CBC-128/HMAC_SHA1_96, rekeying in 31 minutes, last use: no_i no_o
grontmij-bonn{29}:   10.0.0.0/8 === 192.168.48.0/21
grontmij-bonn{34}:  INSTALLED, TUNNEL, ESP SPIs: c72d08a8_i c28f373a_o
grontmij-bonn{34}:  AES_CBC-128/HMAC_SHA1_96, rekeying in 32 minutes, last use: no_i no_o
grontmij-bonn{34}:   10.0.0.0/8 === 192.168.48.0/21

------------------------------------------
ipsec.conf on host ffm02fw (same on the other host):

config setup
    crlcheckinterval=0
    strictcrlpolicy=no
    plutodebug=none
    uniqueids=replace
    charonstart=yes
    plutostart=no

conn %default
    keyexchange=ikev2
    mobike=yes
    authby=rsasig
    left=1.2.3.4
    left...@ffm02fw
    leftcert=ffm02fw-cert.pem
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    leftfirewall=yes
    lefthostaccess=yes
    compress=no


include /etc/ipsec.d/conf/*.conf
---------------------------------------------
connections on host ffm02fw:

conn ffm02fw-bonn
    leftsubnet=192.168.5.0/24
    right=4.3.2.1
    right...@bonn
    rightsubnet=192.168.48.0/21
    #
    auto=start

conn grontmij-bonn
    leftsubnet=10.0.0.0/8
    right=4.3.2.1
    right...@bonn
    rightsubnet=192.168.48.0/21
    #
    auto=start

---------------------------------------------
connections on host bonn:

conn bonn-ffm02fw
    leftsubnet=192.168.48.0/21
    right=1.2.3.4
    right...@ffm02fw
    rightsubnet=192.168.5.0/24
    #
    auto=start

conn bonn-grontmij
    leftsubnet=192.168.48.0/21
    right=1.2.3.4
    right...@ffm02fw
    rightsubnet=10.0.0.0/8
    #
    auto=start
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
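A small check for the symptom described in the post, added here as an example; it is not code from the post or from strongSwan. It parses `ipsec statusall` output, groups INSTALLED CHILD_SAs by connection name and traffic-selector pair, and reports any pair that carries more than one tunnel (the grontmij-bonn{29}/{34} pair above). It also flags the reported IKE_SA age: 2^32 seconds is 49710 days, so "ESTABLISHED 49710 days" is a negative time difference printed as an unsigned 32-bit value, not a real uptime. The sample input is constructed from the status lines quoted in the post, with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict

# Constructed sample: the SA lines from the `ipsec statusall` output quoted in the post,
# re-joined where the mail client wrapped them. Not live data.
STATUS = """\
ffm02fw-bonn[10]: ESTABLISHED 49710 days, 1.2.3.4[ffm02fw]...4.3.2.1[bonn]
ffm02fw-bonn[10]: IKE SPIs: a16097650bd86a4a_i* c9388e1030cba532_r, public key reauthentication in 2 hours
ffm02fw-bonn[10]: IKE proposal: AES_CBC-128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048_BIT
ffm02fw-bonn{22}:  INSTALLED, TUNNEL, ESP SPIs: ceddf20e_i c0767698_o
ffm02fw-bonn{22}:  AES_CBC-128/HMAC_SHA1_96, rekeying in 36 minutes, last use: no_i no_o
ffm02fw-bonn{22}:   192.168.5.0/24 === 192.168.48.0/21
grontmij-bonn{29}:  INSTALLED, TUNNEL, ESP SPIs: c8039e93_i c1b39a5b_o
grontmij-bonn{29}:  AES_CBC-128/HMAC_SHA1_96, rekeying in 31 minutes, last use: no_i no_o
grontmij-bonn{29}:   10.0.0.0/8 === 192.168.48.0/21
grontmij-bonn{34}:  INSTALLED, TUNNEL, ESP SPIs: c72d08a8_i c28f373a_o
grontmij-bonn{34}:  AES_CBC-128/HMAC_SHA1_96, rekeying in 32 minutes, last use: no_i no_o
grontmij-bonn{34}:   10.0.0.0/8 === 192.168.48.0/21
"""

# In statusall output, CHILD_SA lines look like "conn{id}: ..." and IKE_SA lines like "conn[id]: ...".
CHILD_STATE = re.compile(
    r'^(?P<conn>\S+)\{(?P<id>\d+)\}:\s+'
    r'(?P<state>CREATED|ROUTED|INSTALLING|INSTALLED|UPDATING|REKEYING|REKEYED|RETRYING|DELETING|DELETED),')
# The traffic selector line: "conn{id}:   <local TS list> === <remote TS list>"
CHILD_TS = re.compile(r'^(?P<conn>\S+)\{(?P<id>\d+)\}:\s+(?P<local>.+?) === (?P<remote>.+?)\s*$')
IKE_ESTABLISHED = re.compile(r'^(?P<conn>\S+)\[(?P<id>\d+)\]:\s+ESTABLISHED (?P<n>\d+) (?P<unit>\w+)')


def parse_child_sas(text):
    """Map (conn, child_id) -> {'state', 'local', 'remote'} from ipsec statusall text."""
    sas = defaultdict(dict)
    for line in text.splitlines():
        m = CHILD_STATE.match(line)
        if m:
            sas[(m['conn'], int(m['id']))]['state'] = m['state']
            continue
        m = CHILD_TS.match(line)
        if m:
            sas[(m['conn'], int(m['id']))].update(local=m['local'], remote=m['remote'])
    return dict(sas)


def duplicate_child_sas(text):
    """Return {(conn, local_ts, remote_ts): [child ids]} for every selector pair that has
    more than one INSTALLED CHILD_SA, i.e. redundant tunnels carrying the same traffic."""
    groups = defaultdict(list)
    for (conn, cid), sa in parse_child_sas(text).items():
        if sa.get('state') == 'INSTALLED' and 'local' in sa:
            groups[(conn, sa['local'], sa['remote'])].append(cid)
    return {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}


# 2**32 seconds expressed in days: what a negative time delta looks like once it has been
# stored as an unsigned 32-bit second count.
UINT32_WRAP_DAYS = 2 ** 32 // 86400  # 49710


def wrapped_ike_uptimes(text):
    """IKE_SAs whose 'ESTABLISHED n days' age is at least 2**32 seconds. That is not a real
    uptime but a wrapped time difference (for instance after the system clock was stepped;
    that cause is an assumption, the wrap itself is arithmetic)."""
    hits = []
    for line in text.splitlines():
        m = IKE_ESTABLISHED.match(line)
        if m and m['unit'].startswith('day') and int(m['n']) >= UINT32_WRAP_DAYS:
            hits.append((m['conn'], int(m['id']), int(m['n'])))
    return hits


if __name__ == '__main__':
    # Pipe real output in with:  ipsec statusall | python3 this_script.py  (stdin handling omitted;
    # the constructed STATUS above is used instead so the example runs offline)
    for (conn, local, remote), ids in duplicate_child_sas(STATUS).items():
        print(f"{conn}: {len(ids)} INSTALLED CHILD_SAs for {local} === {remote}: {ids}")
    for conn, ike_id, days in wrapped_ike_uptimes(STATUS):
        print(f"{conn}[{ike_id}]: age of {days} days is a wrapped 32-bit value, not an uptime")
```

Two points worth keeping in mind when reading the result. uniqueids=replace acts on IKE_SAs that share a peer identity; it does not collapse two CHILD_SAs that hang off the same IKE_SA, so it cannot remove the {29}/{34} pair by itself. Both hosts in the post use auto=start for both conns, so both ends initiate at startup and at reauthentication; if the duplicates appear at those moments, simultaneous initiation from both sides is a plausible source (an assumption, not something the quoted output proves), and the usual way to rule it out is auto=start on one end and auto=add on the other.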
