Hi,
Individual client based conn sections cannot be added since the server does not know the identity of road warriors.

Wanted to check, for this use case (where server does not know its clients), would even SQL plugin provide any solution wrt assigning same virtual IP to a client always?

Thanks
Sumit

-----Original Message-----
From: ext Tobias Brunner [mailto:[email protected]]
Sent: Thursday, February 12, 2015 4:52 PM
To: Kaur, Sumit (NSN - IN/Bangalore); ext Noel Kuntze; [email protected]
Subject: Re: [strongSwan] Issues observed with Server leases in road warrior configuration

Hi Sumit,

> Note that, strongswan version that I use is 4.3.6.

The reassign_online option was added with 5.1.0, but the default behavior before that was actually to reassign online leases. But only if the client explicitly requested the same IP address it got assigned earlier. This was done for better interoperability during reauthentication with third-party implementations, but we added the option and disabled this behavior by default when we started to prevent duplicate IPsec policies (see [1]).

Since your client obviously won't request the same address this does not actually help in your case. Please try the SQL plugin as mentioned by Noel (another option might be to assign IP addresses via RADIUS, or adding individual conn sections for each client). In newer releases, where, as mentioned, duplicate IPsec policies are not allowed this could actually cause problems, though, if the old SA is still around.

> Also, there is nothing available on strongswan wiki wrt
> mem-pool.reassign_online option.

I've added documentation to the wiki and the man page.

Regards,
Tobias

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=7612a6e42
