--On Tuesday, January 08, 2013 11:30:00 AM +0330 Ali Masoudi <masoudi1...@gmail.com> wrote:
> Thank you Dirk for your answer, > > But what about ikev1 connections? I think using multiple subnets in > one connection is acceptable in ikev2. If I'm wrong, correct me > please. no that is correct. "IKEv2 supports multiple subnets separated by commas, IKEv1 only interprets the first subnet of such a definition, unless the Cisco Unity extension plugin is enabled (available since 5.0.1)." <http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection> > I use "reuse_ikesa = no" for a while and I have no problem, but in the > last week, I started to work with hearbeat service from linux-ha, and > in the failover occasions, after i bring up the virtual ip address > related service (I have written) for ipsec, I had a few problems to > bring up some tunnels. But when I use "reuse_ikesa = yes", the > problems solved. could it be a timing-problem? I assume that initiating a full IKE_SA takes more time than just a CHILD_SA. _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users