Thank you so much Dirk Maybe it is related to timing, I am going to check that. In that case, if I bring up tunnels one by one with a slight delay, the problem must be solved I think.
Best wishes On Tue, Jan 8, 2013 at 11:41 AM, Dirk Hartmann <[email protected]> wrote: > > > --On Tuesday, January 08, 2013 11:30:00 AM +0330 Ali Masoudi > <[email protected]> wrote: > >> Thank you Dirk for your answer, >> >> But what about ikev1 connections? I think using multiple subnets in >> one connection is acceptable in ikev2. If I'm wrong, correct me >> please. > > no that is correct. > "IKEv2 supports multiple subnets separated by commas, IKEv1 only > interprets the first subnet of such a definition, unless the Cisco > Unity extension plugin is enabled (available since 5.0.1)." > <http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection> > >> I use "reuse_ikesa = no" for a while and I have no problem, but in the >> last week, I started to work with hearbeat service from linux-ha, and >> in the failover occasions, after i bring up the virtual ip address >> related service (I have written) for ipsec, I had a few problems to >> bring up some tunnels. But when I use "reuse_ikesa = yes", the >> problems solved. > > could it be a timing-problem? I assume that initiating a full IKE_SA > takes more time than just a CHILD_SA. > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
