> > Hi Andreas/Martin/Tobias,
> >
> > Would be grateful if any one of you could provide some help on this issue.
> >
> > BR
> Sajal
>
> On Thu, Jul 15, 2010 at 4:11 PM, Sajal Malhotra
> <[email protected]> wrote:
>
>> Hi All,
>>
>> I am facing an issue with the ikev2 stack.
>> Please refer to the ipsec.conf file below:
>>
>> Here we have 2 connections SA1 and SA2 which are basically 2 IPsec SAs
>> using the same Tunnel (IKE SA).
>> The problem is that when I change the configuration of connection SA1 and fire
>> "ipsec update" then both SA1 and SA2 configurations are deleted and
>> thereafter if I try to bring up SA2, I see an error saying " no config
>> named 'SA2'"
>> I am performing the following steps:
>> 1. bring up SA1 "ipsec up SA1"
>> 2. bring up SA2 "ipsec up SA2"
>> 3. close SA1
>> 4. close SA2
>> 5. Update the configuration of only SA1 (changed leftprotoport and
>> rightprotoport to 49154).
>> 6. now I fired the "ipsec update" command.
>> 7. now try to bring up connection SA2. "ipsec up SA2"
>> 8. In the logs attached observe that an error is displayed saying: "charon:
>> 09[CFG] no config named 'SA2'". Please observe that even though I have NOT
>> updated the SA2 connection in the steps above, it seems that the SA2 configuration has
>> got deleted in step 6 above and hence it displays the error.
>>
>> Can you please confirm if the behavior is correct and if I am doing any
>> mistake in my configuration?
>>
>> ipsec.conf
>> _____________________
>>
>> config setup
>>     cachecrls=no
>>     charonstart=yes
>>     plutostart=no
>>     strictcrlpolicy=no
>>     uniqueids=no
>>
>> ca section1
>>     cacert=/tmp/RootCert070f33_7349bbdb.pem
>>     auto=add
>>
>> conn SA1
>>     ikelifetime=24h
>>     keyexchange=ikev2
>>     keyingtries=%forever
>>     keylife=90m
>>     reauth=no
>>     rekey=yes
>>     mobike=no
>>     dpddelay=0
>>     rekeymargin=4m
>>     ike=aes128-sha1-modp1024,3des-sha1-modp1024!
>>     esp=aes128-sha1-modp1024,3des-sha1-modp1024!
>>     authby=rsasig
>>     left=20.20.20.20
>>     leftsubnet=10.10.10.10/32
>>     right=20.20.20.21
>>     rightsubnet=10.10.10.12/32
>>     leftprotoport=udp/49156
>>     rightprotoport=udp/49156
>>     leftcert=/tmp/BTScert.pem
>>     rightid=%any
>>     auto=add
>>
>> conn SA2
>>     ikelifetime=24h
>>     keyexchange=ikev2
>>     keyingtries=%forever
>>     keylife=90m
>>     reauth=no
>>     rekey=yes
>>     mobike=no
>>     dpddelay=0
>>     rekeymargin=4m
>>     ike=aes128-sha1-modp1024,3des-sha1-modp1024!
>>     esp=aes128-sha1-modp1024,3des-sha1-modp1024!
>>     authby=rsasig
>>     left=20.20.20.20
>>     leftsubnet=10.10.10.10/32
>>     right=20.20.20.21
>>     rightsubnet=10.10.10.12/32
>>     leftprotoport=udp/65535
>>     rightprotoport=udp/65535
>>     leftcert=/tmp/BTScert.pem
>>     rightid=%any
>>     auto=add
>>
>> Thanks and Regards
>> Sajal
>>
>
>
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
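
An added example, not part of the original thread and not strongSwan code: a small Python check that compares two versions of an ipsec.conf and reports which `conn` sections actually differ, so the edit in step 5 can be confirmed to touch only SA1 before `ipsec update` is run. The sample configs are constructed from the values in the post and trimmed to a few keys; `parse_sections` and `changed_conns` are hypothetical helper names.

```python
# Constructed sample: the two conn sections from the post, trimmed to a few keys.
BEFORE = """\
config setup
    charonstart=yes

conn SA1
    leftprotoport=udp/49156
    rightprotoport=udp/49156
    auto=add

conn SA2
    leftprotoport=udp/65535
    rightprotoport=udp/65535
    auto=add
"""
# Step 5 of the post: only SA1's protoport values change to 49154.
AFTER = BEFORE.replace("udp/49156", "udp/49154")

def parse_sections(text):
    """Return {(type, name): {key: value}} for an ipsec.conf-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # section header starts in column 0
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return sections

def changed_conns(before, after):
    """Map each differing conn to its changed keys, or to 'added'/'removed'."""
    old, new = parse_sections(before), parse_sections(after)
    report = {}
    for sec in sorted(set(old) | set(new)):
        if sec[0] != "conn":
            continue
        a, b = old.get(sec), new.get(sec)
        if a is None or b is None:
            report[sec[1]] = "added" if a is None else "removed"
        else:
            diff = sorted(k for k in set(a) | set(b) if a.get(k) != b.get(k))
            if diff:
                report[sec[1]] = diff
    return report
```

If `changed_conns` lists only SA1, as it does for this sample, the file edit itself did not touch SA2 and the missing config after `ipsec update` has to come from how the update was applied.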
