Bug #4129

closed

IPsec connections with multiple P2s use only first SA

Added by Chris Buechler almost 10 years ago. Updated almost 10 years ago.

Status: Resolved
Priority: Very High
Assignee: Ermal Luçi
Category: IPsec
Target version:
Start date: 12/19/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2
Affected Architecture:
Description

Where you have multiple P2s on a P1, only the first is actually used. The SPD and SAD are correct in setkey's output, but all outbound traffic on a given P1 ends up on the first SA. This breaks all the P2s other than the first. Can confirm via byte counters on SAs, and when testing with certain devices you'll get logs such as "the peer is sending other traffic through this security association" (from an ASA).
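
The description says the problem can be confirmed via byte counters on the SAs. As an added example (not part of the original report and not pfSense code), this script parses `setkey -D` output and lists outbound SAs sitting at 0 bytes while another SA to the same peer carries traffic. The sample dump and the names `parse_sas` and `starved_outbound_sas` are assumptions; a zero counter only points to this bug if traffic was actually sent across every P2 during the test.

```python
import re
from collections import defaultdict
# Constructed sample in the layout FreeBSD's `setkey -D` prints (trimmed);
# addresses, SPIs and byte counters are made up for illustration.
SAMPLE_DUMP = """\
198.51.100.1 203.0.113.2
\tesp mode=tunnel spi=3405691582(0xcafebabe) reqid=1(0x00000001)
\tcreated: Dec 19 12:00:00 2014\tcurrent: Dec 19 12:05:00 2014
\tcurrent: 482112(bytes)\thard: 0(bytes)\tsoft: 0(bytes)
198.51.100.1 203.0.113.2
\tesp mode=tunnel spi=3735928559(0xdeadbeef) reqid=2(0x00000002)
\tcurrent: 0(bytes)\thard: 0(bytes)\tsoft: 0(bytes)
203.0.113.2 198.51.100.1
\tesp mode=tunnel spi=3221229823(0xc00010ff) reqid=1(0x00000001)
\tcurrent: 90344(bytes)\thard: 0(bytes)\tsoft: 0(bytes)
"""

# Header line: "src dst", optionally with [port] suffixes (NAT-T).
HEADER = re.compile(r"^(\S+?)(?:\[\d+\])? (\S+?)(?:\[\d+\])?\s*$")
SPI = re.compile(r"\bspi=\d+\((0x[0-9a-fA-F]+)\)")
BYTES = re.compile(r"\bcurrent:\s*(\d+)\(bytes\)")  # skips the timestamp "current:"

def parse_sas(dump):
    """Return one dict per SA: src, dst, spi (hex string), bytes."""
    sas = []
    for line in dump.splitlines():
        if line and not line[0].isspace():
            if m := HEADER.match(line):
                sas.append({"src": m[1], "dst": m[2], "spi": None, "bytes": 0})
        elif sas:
            if m := SPI.search(line):
                sas[-1]["spi"] = m[1]
            elif m := BYTES.search(line):
                sas[-1]["bytes"] = int(m[1])
    return sas

def starved_outbound_sas(dump, local_ip):
    """Map peer -> SPIs at 0 bytes while a sibling SA to that peer has traffic."""
    by_peer = defaultdict(list)
    for sa in parse_sas(dump):
        if sa["src"] == local_ip:  # outbound SAs are sourced from our address
            by_peer[sa["dst"]].append(sa)
    starved = {}
    for peer, group in by_peer.items():
        idle = [sa["spi"] for sa in group if sa["bytes"] == 0]
        if idle and any(sa["bytes"] > 0 for sa in group):
            starved[peer] = idle
    return starved

if __name__ == "__main__":
    print(starved_outbound_sas(SAMPLE_DUMP, "198.51.100.1"))
```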


Files

StrongSwan ipsec logs2.txt (19.9 KB) - Logging from StrongSwan with 3 different tests. Pi Ba, 12/20/2014 05:16 PM