Hi Sven, You can try to manually specify the reqid in your ipsec.conf file, as per your log messages a second CHILD_SA is trying to install the same traffic selectors as a previous CHILD_SA.
Also I believe there is a 'unique=yes' option that should reuse the same previously assigned reqid and prevent the creation of multiple CHILD_SA that may conflict with each other. On Fri, Nov 30, 2018 at 5:14 PM Sven Anders <and...@anduras.de> wrote: > Am 28.11.18 um 11:31 schrieb Tobias Brunner: > > Hi Sven, > > > >> So the problem is known? > > > > Not really, but maybe something changed that avoids the issue, and I > > don't particularly fancy debugging old versions. > > > >> Which version should I use at least. Will 5.6.3 be enough or > >> should I use 5.7.1 instead? > > > > If you consider updating, use the latest. > > I will do it, but it will take some time until we can deploy it > to the customer... > > >> There are many request and the log file is very long. > > > > So? > > > >> What kind of message do you expect or what should I search for? > > > > For instance, messages around refcount changes of the policies. You can > > also post it somewhere for us to have a look at. > > Thank you, > > I will send you a link to download it. If anybody want the log output too, > to analyse > it, I will send you the link. > > > Regards > Sven Anders > > -- > Sven Anders <and...@anduras.de> () UTF-8 Ribbon Campaign > /\ Support plain text > e-mail > ANDURAS intranet security AG > Messestrasse 3 - 94036 Passau - Germany > Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 > 50-55 > > Those who would give up essential Liberty, to purchase a little > temporary Safety, deserve neither Liberty nor Safety. > - Benjamin Franklin > >