Hi Oleksandr,
> May you, please, help me?
Disable the duplicheck plugin [1].
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/Duplicheck
Hello,
I use strongswan roadwarrior setup, it works well, but when my employees
connect from the same internal IP addresses they receive disconnect:
charon: 07[CFG] detected duplicate IKE_SA for '192.168.0.105', triggering
delete for old IKE_SA
charon: 13[CFG] got a response on a duplicate
Thanks for your response Noel. I cannot go to swanctl so have to continue
ipsec.conf for now.
I changed the config to single subnet:
conn m1
type=tunnel
authby=secret
auto=ignore
keyexchange=ikev1
ike=aes128-sha-modp1536!
aggressive=no
IKEv1 does not support several subnets per side.
You need to enumerate all desired combinations in seperate conns. Or just use
swanctl, because ipsec is deprecated. Then the configuration is more obvious.
Am 20.03.20 um 16:11 schrieb Makarand Pradhan:
> Hi All,
>
> The solution, I mentioned
Please provide all information as shown on the HelpRequests[1] page. Then we
can go onwards with finding the source of the problem.
Kind regards
Noel
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
Am 20.03.20 um 16:20 schrieb Makarand Pradhan:
> Thanks for your response
There is a page at the strongswan site that talks about different options for
route-based tunneling (Google it), which is what I think you want... You could
tie the IP Xfrm activity to a virtual interface... Vti-based, xfrm-based, or
tun-tap based.I think you may want to look at that.Also, is
Hi All,
The solution, I mentioned earlier is wrong. If I specify the routes explicitly,
then the packets go through even with the tunnel down.
If the tunnel is up, the packets are encrypted. That is good.
So, this issue is still unresolved. Pl do comment. Any advice would be highly
One quick question before I send all the logs. Maybe the tunnel is working as
expected. Can you pl go through the set up below to confirm that, there is
indeed an issue here:
Scenario:
PC1 - Router1 - Router2 - Tunnel - Router3 - Router4 - PC2
PC1 IP: 10.10.9.3, Network: 10.10.9.0/24
PC2 IP:
Please send all the data I asked for.
And especially the output of `ipsec statusall`.
strongSwan installs all required routes by default.
Am 20.03.20 um 18:17 schrieb Makarand Pradhan:
> One quick question before I send all the logs. Maybe the tunnel is working as
> expected. Can you pl go
Tx for the clarification. All information per the wiki is attached.
Kind rgds,
Makarand Pradhan
Senior Software Engineer.
iS5 Communications Inc.
5895 Ambler Dr,
Mississauga, Ontario
L4W 5B7
Main Line: +1-844-520-0588 Ext. 129
Direct Line: +1-289-724-2296
Cell: +1-226-501-5666
Fax:+1-289-401-5206
10 matches
Mail list logo