Hi Tiago, > Perhaps I'm missing something fundamental, but from what I can read on > that wiki page, the purpose of the duplicheck plugin is to prevent the > duplicate IKE_SAs I'm getting.
Not exactly: If a duplicate is found the plugin will attempt to delete the old IKE_SA. If that succeeds, not only is the old SA deleted, the plugin explicitly also deletes the new IKE_SA (and sends a notification via a UNIX socket). So you end up without any SAs in that case, which is probably not what you want (the plugin was created for a customer, it is not really intended for general use). Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
