Hi,

We are facing a scenario where 2 policies have the same tunnel endpoints but different dpddelay values. Now we see 2 IKE_INIT_SA and 2 tunnels are created. Following is the configuration:

conn conn12
    type=tunnel
    leftsubnet=6.6.6.4/32
    rightsubnet=6.6.6.6/32
    left=6.6.6.4
    right=6.6.6.6
    keyexchange=ikev2
    reauth=no
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    ikelifetime=83376s
    esp=aes128-sha1,3des-sha1!
    authby=pubkey
    rightid=%any
    keylife=86400s
    dpdaction=restart
    dpddelay=20s
    dpdtimeout=120s
    rekeyfuzz=50%
    rekeymargin=180s

conn conn13
    type=tunnel
    leftsubnet=5.5.5.4/32
    rightsubnet=0.0.0.0/0
    left=6.6.6.4
    right=6.6.6.6
    keyexchange=ikev2
    reauth=no
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    ikelifetime=83376s
    esp=aes128-sha1,3des-sha1!
    authby=pubkey
    rightid=%any
    keylife=86400s
    dpdaction=restart
    dpddelay=10s
    dpdtimeout=120s
    rekeyfuzz=50%
    rekeymargin=180s

Now when we use the same policies but different DH values, that is, one policy has modp1024 and the other modp2048, as shown below, only 1 IKE_INIT_SA is sent.

conn conn12
    type=tunnel
    leftsubnet=6.6.6.4/32
    rightsubnet=6.6.6.6/32
    left=6.6.6.4
    right=6.6.6.6
    keyexchange=ikev2
    reauth=no
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    ikelifetime=83376s
    esp=aes128-sha1,3des-sha1!
    authby=pubkey
    rightid=%any
    keylife=86400s
    dpdaction=restart
    dpddelay=20s
    dpdtimeout=120s
    rekeyfuzz=50%
    rekeymargin=180s

conn conn13
    type=tunnel
    leftsubnet=5.5.5.4/32
    rightsubnet=0.0.0.0/0
    left=6.6.6.4
    right=6.6.6.6
    keyexchange=ikev2
    reauth=no
    ike=aes128-sha1-modp2048,3des-sha1-modp2048!
    ikelifetime=83376s
    esp=aes128-sha1,3des-sha1!
    authby=pubkey
    rightid=%any
    keylife=86400s
    dpdaction=restart
    dpddelay=10s
    dpdtimeout=120s
    rekeyfuzz=50%
    rekeymargin=180s

I know the DH value is a negotiated value, while the DPD delay is local and does not depend on the peer. We are using strongSwan 4.5.0. Request your help.

Thanks,
Vinay
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
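A practical way to narrow down questions like the one above is to diff the conn sections that share an endpoint pair and see which settings are not purely per-CHILD_SA. The script below is an added example, not code from the original post or from the strongSwan project: it parses ipsec.conf-style conn sections, groups them by (left, right), and reports every differing setting that is not a child-only setting. The CHILD_ONLY and LOCAL_ONLY sets are assumptions used only to label the report (the "dpddelay is local" classification follows the poster's own remark); the sample configuration is constructed from the first pair of conns in the post.

```python
"""Report settings that differ between ipsec.conf conns sharing one endpoint pair.

Added example for the mailing-list question above; not strongSwan code.
The CHILD_ONLY / LOCAL_ONLY classification is an assumption for labelling.
"""
import re
from collections import defaultdict

# Constructed sample: the two conns from the post (first variant, same DH
# group, different dpddelay), trimmed to the settings relevant here.
SAMPLE_CONF = """\
conn conn12
    type=tunnel
    leftsubnet=6.6.6.4/32
    rightsubnet=6.6.6.6/32
    left=6.6.6.4
    right=6.6.6.6
    keyexchange=ikev2
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    dpddelay=20s

conn conn13
    type=tunnel
    leftsubnet=5.5.5.4/32
    rightsubnet=0.0.0.0/0
    left=6.6.6.4
    right=6.6.6.6
    keyexchange=ikev2
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    dpddelay=10s
"""

# Settings that describe only a CHILD_SA / traffic selector and are therefore
# expected to differ between conns that share one IKE_SA (assumption).
CHILD_ONLY = {"type", "leftsubnet", "rightsubnet", "esp", "keylife"}

# Settings applied by the local daemon without being negotiated with the peer
# (the poster's observation about dpddelay, extended by assumption).
LOCAL_ONLY = {"dpddelay", "dpdtimeout", "dpdaction", "rekeymargin", "rekeyfuzz"}


def parse_ipsec_conf(text):
    """Return {conn_name: {key: value}} for every 'conn' section.

    Simplified parser: '#' comments are stripped, non-conn sections such as
    'config setup' are skipped, and 'also=' / '%default' are not expanded.
    """
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[:1].isspace():          # section header line
            m = re.match(r"^conn\s+(\S+)\s*$", line)
            current = m.group(1) if m else None
            if m:
                conns[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.strip().partition("=")
        conns[current][key.strip()] = value.strip()
    return conns


def ike_level_differences(conns):
    """Group conns by (left, right) and list non-child-only settings that differ.

    Returns {(left, right): {setting: {conn_name: value}}}.
    """
    by_endpoint = defaultdict(list)
    for name, opts in conns.items():
        by_endpoint[(opts.get("left"), opts.get("right"))].append(name)
    report = {}
    for endpoints, names in by_endpoint.items():
        if len(names) < 2:
            continue
        keys = set().union(*(conns[n].keys() for n in names)) - CHILD_ONLY
        diffs = {}
        for key in sorted(keys):
            values = {n: conns[n].get(key) for n in names}
            if len(set(values.values())) > 1:
                diffs[key] = values
        if diffs:
            report[endpoints] = diffs
    return report


def classify(key):
    """Label a differing setting as local-only or negotiated/other (assumption)."""
    return "local-only" if key in LOCAL_ONLY else "negotiated/other"


if __name__ == "__main__":
    conns = parse_ipsec_conf(SAMPLE_CONF)
    for (left, right), diffs in ike_level_differences(conns).items():
        print(f"conns sharing endpoints {left} <-> {right}:")
        for key, values in diffs.items():
            print(f"  {key} ({classify(key)}): {values}")
```

Run it against the real ipsec.conf instead of SAMPLE_CONF to get a list of exactly which non-child settings separate the conns; for the post's first pair the only such setting is dpddelay, which the report labels as local-only, and that is the fact to bring to the list when asking why a separate IKE_SA was set up.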
