Re: [strongSwan] erratic disconnects from Alcatel DeskPhone VPN clients (reassigning online vs. offline lease)

Hello again Quick follow-up from myself: We have narrowed the problem down to the reauthentication of the IKEv2 SA. New findings: Alcatel DeskPhones are running Strongwan with following parameters: vpn: IKEv2, reauthentication every 3600s, no rekeying local: 172.20.2.56 remote: Y.Y.Y.1

[strongSwan] erratic disconnects from Alcatel DeskPhone VPN clients

Hello All This is a follow-up to my problem with a bunch of Alcatel DeskPhones 8058s connecting to our StrongSwan using their built-in IPsec client with IKEv2 + MS-CHAP/EAP + PSK: https://lists.strongswan.org/pipermail/users/2020-October/014761.html After a successful test period with a small

Re: [strongSwan] How to handle duplicate client IDs?

Am 22.10.20 um 16:21 schrieb Tobias Brunner: No edge case, you have the duplicheck plugin loaded. Read [1] and then disable it because it's only really useful for very specific use cases. [...] [1] https://wiki.strongswan.org/projects/strongswan/wiki/Duplicheck Stupid me. :-/ Already ca

[strongSwan] How to handle duplicate client IDs?

Hello All We are connecting hardware IP phones with their built-in IPsec client to our strongSwan server. The phones can do IKEv2 with PSK plus EAP authentication. Everything is working fine until two "road warrior phones" happen do have the same RFC1918 IPv4 address within their correspondin