Bug #3769
closed
Only the first phase 2 entry is used when multiple entries are present for an IPsec tunnel in 2.2
Description
See the attached config.xml file. The ipsec phase 1 peers with ikeids 2 and 3 are active. Each of them has 3 phase 2 associations configured. But strongswan isn't using all of them. On the SPD tab of Status -> IPsec, only the first phase 2 entry shows up for each tunnel. And the output of '/usr/local/sbin/ipsec status' only lists the first entry (the one with the 169.254.x.y addresses) as well:
[2.2-ALPHA][admin@vpn-test-endpoint2.staff.pfmechanics.com]/root(8): ipsec status
Security Associations (2 up, 0 connecting):
con2-27: ESTABLISHED 53 seconds ago, 192.207.126.12[192.207.126.12]...54.240.217.160[54.240.217.160]
con2-2{2}: INSTALLED, TUNNEL, ESP SPIs: c709827d_i f0ae3dac_o
con2-2{2}: 169.254.255.72/30|/0 === 169.254.255.72/30|/0
con2-2{2}: INSTALLED, TUNNEL, ESP SPIs: cbaffa4f_i 09a5af6c_o
con2-2{2}: 169.254.255.72/30|/0 === 169.254.255.72/30|/0
con3-36: ESTABLISHED 2 minutes ago, 192.207.126.12[192.207.126.12]...54.240.217.166[54.240.217.166]
con3-3{3}: INSTALLED, TUNNEL, ESP SPIs: c7c616ba_i 5166be21_o
con3-3{3}: 169.254.255.76/30|/0 === 169.254.255.76/30|/0
con3-3{3}: INSTALLED, TUNNEL, ESP SPIs: c34deb9b_i 2033bb6b_o
con3-3{3}: 169.254.255.76/30|/0 === 169.254.255.76/30|/0
See the attached ipsec.conf file.
Each of the entries for a particular phase 1 peer (3 entries for each of them) is getting created with the same name/label in /var/etc/ipsec/ipsec.conf. E.g. conn2-2, conn3-3. When I manually changed this and restarted ipsec, things worked as expected. The attached patch works to get the entries generated with unique names.
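A check for the condition described in this report, as an added example that is not part of the original ticket or the pushed patch: it scans ipsec.conf text for conn section names that occur more than once and lists the subnet pair of each definition. The sample config, its 10.x subnets, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, not the attached ipsec.conf: three phase 2 entries
# written under one label, plus one section with a unique label.
SAMPLE_CONF = """\
config setup
    uniqueids = yes
conn con2-2
    leftsubnet = 169.254.255.72/30
    rightsubnet = 169.254.255.72/30
conn con2-2
    leftsubnet = 10.10.0.0/24
    rightsubnet = 10.20.0.0/24
conn con2-2  # same label a third time
    leftsubnet = 10.10.1.0/24
    rightsubnet = 10.20.1.0/24
conn con3-0
    leftsubnet = 10.30.0.0/24
    rightsubnet = 10.40.0.0/24
"""

SECTION_RE = re.compile(r"^(config|conn|ca)\s+(\S+)")
OPTION_RE = re.compile(r"^\s+([\w-]+)\s*=\s*(.*)$")

def parse_conns(text):
    """Return {conn name: [(line_no, options), ...]} in file order."""
    conns, current = defaultdict(list), None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # strip comments
        section = SECTION_RE.match(line)
        if section:
            # Track conn sections only; config/ca end the current conn.
            current = {} if section.group(1) == "conn" else None
            if current is not None:
                conns[section.group(2)].append((line_no, current))
        elif current is not None and (opt := OPTION_RE.match(line)):
            current[opt.group(1)] = opt.group(2).strip()
    return conns

def duplicate_conns(text):
    """Map each reused conn name to (line, leftsubnet, rightsubnet) per definition."""
    return {name: [(n, o.get("leftsubnet"), o.get("rightsubnet")) for n, o in defs]
            for name, defs in parse_conns(text).items() if len(defs) > 1}

if __name__ == "__main__":
    for name, defs in duplicate_conns(SAMPLE_CONF).items():
        print(f"conn {name} defined {len(defs)} times:", defs)
```

Run against a generated ipsec.conf, an empty result means every phase 2 entry has its own section name.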
Updated by Matthew Smith over 10 years ago
Pushed the patch to master. Will test in next snapshot.
Updated by Matthew Smith over 10 years ago
The change included in the next snapshot worked fine.
Updated by Ermal Luçi about 10 years ago
- Status changed from New to Feedback
This has been resolved for at least 12 days or more.
Can you please try again with the latest snapshot?