Hi Joern, > Let me attach a charon.log we took as we replicated the issue. I see > several messages like these: > > ... > Jul 30 17:35:59 03[CFG] <srxgw|1> unable to install policy 0.0.0.0/0 === > 0.0.0.0/0 fwd (mark 0/0x00000000) for reqid 2, the same policy for reqid 1 > exists > Jul 30 17:35:59 03[IKE] <srxgw|1> unable to install IPsec policies (SPD) in > kernel > > Are these the messages you were referring to?
Exactly. Starting with strongSwan 5.3.0 the same reqid will be used when the policies are installed with the second SA. So you'll end up with redundant SAs but that shouldn't be a problem. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
