Hi Vinay

> But many times I face a situation where multiple tunnels are created
> for the same policies.

From your Unit2 log I see that the other peer initiates these tunnels explicitly. During the first 2 minutes, Unit1 initiates each connection three times. I don't see why from this log, and it doesn't make much sense. DPD could cause this, but this would be a rather short timeout. Did you modify retransmission timeouts in strongswan.conf? Or do you use any external tools to control tunnel establishment?

As a work-around, you can consider using the ipsec.conf uniqueids option, but this would require unique identities for each connection (this is currently not the case, as the defined IDs are not part of your certificate). However, it is probably better to find out why Unit1 initiates these tunnels multiple times.

Regards
Martin
