I do have start on both the peers as I need to connect on start of the ipsec on both sides. Is there an alternative approach ?
Also I think uniqueids are enabled by default, I have not turned them off. -sanjay ----------------------------------------------------- Please consider the environment before printing this email. -----Original Message----- From: Martin Willi [mailto:[email protected]] Sent: Friday, June 22, 2012 4:18 AM To: Shukla, Sanjay Cc: [email protected] Subject: Re: [strongSwan] what does multiple ESTABLISHED staet for a connection mean Hi, > I am debugging an issue and was wondering what these multiple > ESTABLISHED states mean and if they have any detrimental effect. I > assume these imply there are multiple child SA’s ? This means that you have two IKE_SAs established between your peers. Might happen if both configurations use auto=start, or auto=route triggers tunnels simultaneously. Have a look for the "uniqueids" option in the ipsec.conf manpage to avoid multiple tunnels between the same identities. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
