This is not good. Possibly, what we solved was just a result, not the root cause. Before, I overlooked the configuration issue; maybe you will want to enable uniqueids again once fixed.
Instead of: rightsourceip=10.255.0.0/16 there should be: rightsubnet=10.255.0.0/16 Logs will be even better if you include directive in "charon-logging.conf": ike_name = yes M. Miroslav Svoboda | +420 608 224 486 On 24 April 2015 at 21:02, Andrew Foss <[email protected]> wrote: > Miroslav, > > thank you, that did it! Wow, did I log some hours trying different > combinations, but didn't get that one and you also helped by suggesting I > turn off enc logging, now my logs are more helpful, before they always > ended in "dropped rate-limiting" so really weren't telling me much. > > Interestingly, both the connected devices now have the same virtual ip > 10.254.0.1/32, but both seem to be working fine and the 2 devices never > need to talk directly to one another, so maybe all the devices can > use/assign the same ip address for the client's tunnel? Is that a common > way to run? > > andrew > > On 4/24/15 11:36 AM, Miroslav Svoboda wrote: > > This is the problem: > Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA for peer > 'actmobile' due to uniqueness policy > > Look for config option "uniqueids" here: > https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection > > M. > > Miroslav Svoboda | +420 608 224 486 > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
