-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Claude,
this problem with persistent SQL-based pools was fixed with 5.0.3rc1. See also our new example scenario https://www.strongswan.org/uml/testresults5rc/ikev2/ip-two-pools-v4v6-db/ Regards Andreas On 03/26/2013 09:46 AM, Claude Tompers wrote: > Hello, > > My strongswan 5.0.2 installation has some bizarre behaviour with > IKEv2 connections that ask both an IPv4 and an IPv6 address. > > My client ipsec.conf is as follows : > > conn IKEv2 keyexchange=ikev2 left=%any leftauth=pubkey > leftcert=nullpointerexception-cert.pem > leftsourceip=%config4,%config6 right=casarrondo.restena.lu > rightauth=pubkey [email protected] > > > My server ipsec.conf is as follows : > > conn IKEv2-tech keyexchange=ikev2 rightauth=pubkey > rightsendcert=always rightid="C=LU, L=Luxembourg, O=Fondation > RESTENA, OU=Technical, CN=*, E=*" rightsourceip=%tech-v4,%tech-v6 > auto=add > > > Both pools are defined as follows : > > name start end timeout size online usage > tech-v4 158.64.15.193 158.64.15.206 1h 14 0 ( 0%) > 2 (14%) tech-v6 2001:a18:1:40::1 2001:a18:1:40::ff 1h 255 > 0 ( 0%) 0 ( 0%) > > > In the server logs, I see the following lines : > > Mar 26 09:35:47 casarrondo charon: 07[CFG] acquired existing lease > for address 158.64.15.193 in pool 'tech-v4' Mar 26 09:35:47 > casarrondo charon: 07[IKE] assigning virtual IP 158.64.15.193 to > peer 'C=LU ... Mar 26 09:35:47 casarrondo charon: 07[IKE] peer > requested virtual IP %any6 Mar 26 09:35:47 casarrondo charon: > 07[CFG] acquired existing lease for address 158.64.15.194 in pool > 'tech-v4' Mar 26 09:35:47 casarrondo charon: 07[IKE] assigning > virtual IP 158.64.15.194 to peer 'C=LU ... > > The client really ends up with two addresses from tech-v4 pool. > I've changed the following line in the server's ipsec.conf : > > rightsourceip=%tech-v6,%tech-v4 > > The result was that strongswan distributed 2 addresses from the > tech-v6 pool. Is there an error in my configuration ? > > kind regards, Claude > > > > _______________________________________________ Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > - -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQCVAwUBUVFoydYbDnNAmVNZAQL+WwP8DlbAUGFqpEB6nyYY1Iy1jzw3QJdyhah8 Y6FgoI5xqOD1mdeTO9S3wpohyIzHRnpim0FHHfzqSUumtsnQPPdS2V8r2E6ILy7D gdHYXYZR/Mu0IU4JLWre5AXAESXjiiNWtdmpTIk6xqkw825V2nvG9XHEP0cxhFWo XBIjPLUSiwc= =psqE -----END PGP SIGNATURE-----
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
