Hello, I have a machine that connects to a strongSwan gateway to establish a VPN connection (both machines are Linux machines with strongSwan 4.4.1, using ikev2). It gets a virtual IP from the gateway (gw is using rightsourceip=192.168.132.0/22).
>From time to time, when I reboot the machine, the assignment of the IP fails >on reboot. I suspect this is because the previous tunnel wasn't properly >shutdown when the machine went down before the reboot. Is there a way to force >the IP address assignment for the new tunnel in this case? The log below shows >the previous tunnel being deleted and the new one being established and the >virtual IP assignment error. Let me know if you need more information and >thanks for your help. ==== 15[IKE] authentication of 'gw.foo.com' (myself) with RSA signature successful 15[IKE] deleting duplicate IKE_SA for peer 'CN=game.foo.com' due to uniqueness policy 15[IKE] deleting IKE_SA instance[4] between 10.12.195.22[gw.foo.com]...10.24.98.213[CN=game.foo.com] 15[IKE] sending DELETE for IKE_SA instance[4] 15[ENC] generating INFORMATIONAL request 0 [ D ] 15[NET] sending packet: from 10.12.195.22[4500] to 10.24.98.213[4500] 15[IKE] IKE_SA instance[6] established between 10.12.195.22[gw.foo.com]...10.24.98.213[CN=game.foo.com] 15[IKE] scheduling reauthentication in 10515s 15[IKE] maximum IKE_SA lifetime 10695s 15[IKE] sending end entity cert "xxx" 15[IKE] peer requested virtual IP %any 15[CFG] 'CN=game.foo.com' already has an online lease, unable to assign address 15[CFG] acquiring address from pool 'instance' failed 15[IKE] no virtual IP found, sending INTERNAL_ADDRESS_FAILURE 15[IKE] configuration payload negotation failed, no CHILD_SA built ==== Cheers, Benoit. _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
