Hi Tobias > Please read the description of the duplicheck plugin's behavior on its
wiki page [1]. It's most likely not what you want.
Perhaps I'm missing something fundamental, but from what I can read on that wiki page, the purpose of the duplicheck plugin is to prevent the duplicate IKE_SAs I'm getting.
Hard to tell without logs. But since the daemon is multi-threaded, not all duplicates are currently resolved. If two peers concurrently establish SAs to each other duplicate SAs are quite likely. Due to the reqid changes in 5.3.x such duplicates shouldn't be much of an issue anymore though.
I reduced the number of duplicates by fixing the remote strongSwan's config (still a 4.6, while the local strongSwan is a 5.3.2) which had add=start. But this has not completely eliminated the duplicates.
Glad to know that, from 5.3.x onwards duplicates are not an issue. Thanks, Tiago _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
