Change dpdaction to clear?
> On 26 Jul 2015, at 09:34, Tiago Vasconcelos <[email protected]> > wrote: > > I'm getting duplicate SAs: > > Routed Connections: > nyc{1}: ROUTED, TUNNEL, reqid 1 > nyc{1}: 10.71.4.0/24 === 172.30.98.0/25 > Security Associations (1 up, 0 connecting): > nyc[23]: ESTABLISHED 25 minutes ago, > 47.11.120.10[par.xyz.com]...32.254.201.10[nyc.xyz.com] > nyc{203}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: caa1aee8_i cbea4bcf_o > nyc{203}: 10.71.4.0/24 === 172.30.98.0/25 > nyc{204}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: ceabd81b_i c4139b82_o > nyc{204}: 10.71.4.0/24 === 172.30.98.0/25 > nyc{205}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: cffa7d5a_i c39ea537_o > nyc{205}: 10.71.4.0/24 === 172.30.98.0/25 > nyc{206}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c6595d8f_i ca9cee83_o > nyc{206}: 10.71.4.0/24 === 172.30.98.0/25 > nyc{207}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: ca494b8e_i c9009c65_o > nyc{207}: 10.71.4.0/24 === 172.30.98.0/25 > > > Even though I have set in ipsec.conf: > > uniqueids=yes > > > and I have a .conf file inside strongswan.d directory containing the > following: > > charon { > plugins { > duplicheck { > enable = yes > } > } > } > > > and in strongswan.conf I have: > > include strongswan.d/*.conf > > > Why am I still getting duplicates? > > > For reference, here's my ipsec.conf: > > > config setup > uniqueids=yes > > conn %default > left=47.11.120.10 > leftsubnet=10.71.4.0/24 > [email protected] > leftcert=parcert.pem > mobike=no > leftfirewall=yes > lefthostaccess=yes > ikelifetime=4h > lifetime=3h > dpdaction=restart > dpddelay=10s > > conn d01 > right=32.254.201.10 > [email protected] > rightsubnet=172.30.98.0/25,%dynamic > auto=route > > > Tiago > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
