Hi Sumit, > Note that, strongswan version that I use is 4.3.6.
The reassign_online option was added with 5.1.0, but the default behavior before that was actually to reassign online leases. But only if the client explicitly requested the same IP address it got assigned earlier. This was done for better interoperability during reauthentication with third-party implementations, but we added the option and disabled this behavior by default when we started to prevent duplicate IPsec policies (see [1]). Since your client obviously won't request the same address this does not actually help in your case. Please try the SQL plugin as mentioned by Noel (another option might be to assign IP addresses via RADIUS, or adding individual conn sections for each client). In newer releases, where, as mentioned, duplicate IPsec policies are not allowed this could actually cause problems, though, if the old SA is still around. > Also, there is nothing available on strongswan wiki wrt > mem-pool.reassign_online option. I've added documentation to the wiki and the man page. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=7612a6e42 _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
