Hi,

Yes, the problem is caused by your reuse of certificates. strongSwan identifies 
initiators by their ID by default (it's the only way to detect rekeyings and 
delete the previous SA correctly).
You need to create a new certificate for each initiator.

Kind regards

Noel

On 26.12.2017 17:48, lejeczek wrote:
> hi people
>
> I have a server and a roadwarrior connects to the server fine, config uses 
> certificates, all seems ok.
> Then I've tried to set up a second RR, I use the same setting, same certs, only 
> IP is different, naturally.
>
> But, there I have a problem, it must be trivial - I believe many simultaneous 
> clients for strongSwan is a norm - when the first client is connected and all is 
> fine and the second client connects, also successfully, then first client gets 
> disconnected!?
>
> I guess, my first question would be - can my clients use the same one 
> certificate? Is it why the server disconnects one, because both clients use 
> the same cert?
>
> Being merely a user (not an expert) I can guess this might be telling you 
> more:
>
> 13[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
> 09[CFG] detected duplicate IKE_SA for 'O=my, CN=my.dom', triggering delete 
> for old IKE_SA
> 11[IKE] destroying IKE_SA in state DELETING without notification
> 09[IKE] sending end entity cert "O=my, CN=my.dom"
> 11[CFG] delete for duplicate IKE_SA 'O=my, CN=my.dom' timed out, keeping new 
> IKE_SA
> 09[IKE] peer requested virtual IP 10.3.1.221
>
> many thanks, L.

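One way to spot this condition in a charon log, as an added example that is not part of the original thread: the script counts the duplicate-IKE_SA messages per identity, so any identity it reports is worth checking for a certificate shared between clients. The function name, the report keys and the sample log are constructed here; the sample is modelled on the excerpt quoted above and includes one line wrapped the way the mail client wrapped it.

```python
import re
from collections import defaultdict

# Constructed sample in charon's "<thread>[<group>] <message>" layout, modelled on
# the excerpt quoted in the thread. The second record is deliberately wrapped.
SAMPLE_LOG = """\
13[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
09[CFG] detected duplicate IKE_SA for 'O=my, CN=my.dom', triggering
delete for old IKE_SA
11[IKE] destroying IKE_SA in state DELETING without notification
09[IKE] sending end entity cert "O=my, CN=my.dom"
11[CFG] delete for duplicate IKE_SA 'O=my, CN=my.dom' timed out, keeping new IKE_SA
09[IKE] peer requested virtual IP 10.3.1.221
"""

# A record starts with thread number and three-letter group; re.search tolerates
# a syslog prefix (timestamp, host, "charon:") in front of it.
RECORD = re.compile(r"(\d+)\[([A-Z]{3})\] (.*)$")
DUP_DETECTED = re.compile(r"detected duplicate IKE_SA for '(.+?)', triggering delete")
DUP_TIMEOUT = re.compile(r"delete for duplicate IKE_SA '(.+?)' timed out")


def shared_identities(log_text):
    """Return {identity: {"detected": n, "timed_out": n}} for every identity
    that charon reported as belonging to a duplicate IKE_SA."""
    records = []
    for raw in log_text.splitlines():
        m = RECORD.search(raw)
        if m:
            records.append([m.group(2), m.group(3).strip()])
        elif records and raw.strip():
            records[-1][1] += " " + raw.strip()  # re-join a wrapped line
    report = defaultdict(lambda: {"detected": 0, "timed_out": 0})
    for group, msg in records:
        if group != "CFG":  # both messages are logged under CFG in the excerpt
            continue
        if (m := DUP_DETECTED.search(msg)):
            report[m.group(1)]["detected"] += 1
        elif (m := DUP_TIMEOUT.search(msg)):
            report[m.group(1)]["timed_out"] += 1
    return dict(report)


if __name__ == "__main__":
    for identity, counts in shared_identities(SAMPLE_LOG).items():
        print(f"{identity}: {counts}")
```
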