No joy, w/ rightsubnet=10.255.0.0/16 <http://10.255.0.0/16>
results in
Apr 24 20:28:44 accel charon: 06[IKE] peer requested virtual IP %any
Apr 24 20:28:44 accel charon: 06[IKE] no virtual IP found for %any
requested by 'actmobile'
The odd thing is running 5.0.2 strongswan that same config using
rightsourceip=10.255.0.0/16 <http://10.255.0.0/16>, the clients do get
different addresses from the pool, but on 5.3.0, they are all getting
the same?
On 4/24/15 12:20 PM, Miroslav Svoboda wrote:
This is not good. Possibly, what we solved was just a result, not the
root cause.
Before, I overlooked the configuration issue; maybe you will want to
enable uniqueids again once fixed.
Instead of:
rightsourceip=10.255.0.0/16 <http://10.255.0.0/16>
there should be:
rightsubnet=10.255.0.0/16 <http://10.255.0.0/16>
Logs will be even better if you include directive in
"charon-logging.conf":
ike_name = yes
M.
Miroslav Svoboda | +420 608 224 486 <tel:%2B420%20608%20224%20486>
On 24 April 2015 at 21:02, Andrew Foss <[email protected]
<mailto:[email protected]>> wrote:
Miroslav,
thank you, that did it! Wow, did I log some hours trying different
combinations, but didn't get that one and you also helped by
suggesting I turn off enc logging, now my logs are more helpful,
before they always ended in "dropped rate-limiting" so really
weren't telling me much.
Interestingly, both the connected devices now have the same
virtual ip 10.254.0.1/32 <http://10.254.0.1/32>, but both seem to
be working fine and the 2 devices never need to talk directly to
one another, so maybe all the devices can use/assign the same ip
address for the client's tunnel? Is that a common way to run?
andrew
On 4/24/15 11:36 AM, Miroslav Svoboda wrote:
This is the problem:
Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA
for peer 'actmobile' due to uniqueness policy
Look for config option "uniqueids" here:
https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection
M.
Miroslav Svoboda | +420 608 224 486 <tel:%2B420%20608%20224%20486>
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users