On 20.05.19 at 14:59, Tobias Brunner wrote:
> Hi Sven,
>
> You explicitly disabled handling of INITIAL_CONTACT notifies with
> uniqueids=never. So existing IKE_SAs with the same client identity will
> not be terminated when a new IKE_SA is created, which also means the
> existing virtual IP is not released. Since the same virtual IP can't be
> assigned to multiple clients, a new virtual IP is allocated instead.
>
> Also, reducing the DPD timeout on servers with mobile clients is not
> that good an idea as it prevents clients from roaming between networks
> (or being without connectivity for a while due to other reasons) and
> updating the existing IKE_SA via MOBIKE afterwards.

Hello Tobias!

Thanks for the answer.

We set "uniqueids" to "never" to allow simultaneous connections with the
same user account. For instance, a simultaneous login from the iPhone and
the iPad.

If this "uniqueness" is only determined by the login username and not by
further data (like a MAC address or name of the connecting device), I see
that this will not work.

Or do you have any other ideas to make this work?

Regards
 Sven Anders

-- 
 Sven Anders <and...@anduras.de>                ()  UTF-8 Ribbon Campaign
                                                /\  Support plain text e-mail
 ANDURAS intranet security AG
 Messestrasse 3 - 94036 Passau - Germany
 Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55

Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.
  - Benjamin Franklin
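
The behaviour described in the quoted reply, as an added example that is not part of either message and is not strongSwan code: a simplified Python model of a responder with one virtual IP pool, showing why a reconnect under `uniqueids=never` gets a second address while the stale IKE_SA keeps the first. The `Responder` class, the identity `sven` and the pool `10.10.0.0/29` are constructed for illustration; only the values `never` and `no` are modelled, and releasing a lease to the front of the free list is an assumption of the model.

```python
import ipaddress


class Responder:
    """Simplified model of an IKEv2 responder with one virtual IP pool."""

    def __init__(self, uniqueids, pool_cidr):
        self.uniqueids = uniqueids  # "never" or "no" (only these are modelled)
        self.free = list(ipaddress.ip_network(pool_cidr).hosts())
        self.sas = {}               # sa_id -> (client identity, virtual IP)
        self.next_id = 1

    def online_leases(self, identity):
        """Virtual IPs currently held by IKE_SAs of this identity."""
        return [vip for ident, vip in self.sas.values() if ident == identity]

    def terminate(self, sa_id):
        """Delete an IKE_SA and release its virtual IP back to the pool."""
        _, vip = self.sas.pop(sa_id)
        self.free.insert(0, vip)    # model assumption: released lease is reused first

    def connect(self, identity, initial_contact=True):
        """Establish a new IKE_SA and assign a virtual IP."""
        # With uniqueids=never the INITIAL_CONTACT notify is ignored, so
        # older IKE_SAs of the same identity stay up and keep their leases.
        if initial_contact and self.uniqueids != "never":
            stale = [s for s, (i, _) in self.sas.items() if i == identity]
            for sa_id in stale:
                self.terminate(sa_id)
        vip = self.free.pop(0)      # an address held by another SA is never handed out
        sa_id = self.next_id
        self.next_id += 1
        self.sas[sa_id] = (identity, vip)
        return sa_id, vip


def reconnect_scenario(uniqueids):
    """Client reconnects before DPD has removed its previous IKE_SA."""
    r = Responder(uniqueids, "10.10.0.0/29")
    _, first = r.connect("sven")
    _, second = r.connect("sven")
    return str(first), str(second), len(r.online_leases("sven"))


if __name__ == "__main__":
    for mode in ("never", "no"):
        print(mode, reconnect_scenario(mode))
```
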