Hi Benoit,

> 'CN=game.foo.com' already has an online lease, unable to assign address
> Is there a way to force the IP address assignment for the new tunnel in
> this case?

No, currently not. The address is reserved, and the daemon won't assign it twice. The ipsec.conf uniqueids option won't work either, as it gracefully negotiates the shutdown of the old tunnel. As the peer won't respond on this SA, this takes several retransmits.

This is a good case where the INITIAL_CONTACT notify could delete the old SA, but we currently do not support it.

One option is to set leftsourceip on the client to the specific IP, the server will reassign it in this case. But this probably won't solve the problem, you'll have a conflict between the old and the new CHILD_SA.

The only solution I currently see is to use a larger pool with multiple addresses.

Regards
Martin
