Hello,
I am using IPSec in transport mode to connect my networks.
My settings:
ipsec.conf
conn %default
        auto=add
        left=1.1.1.1
        ike=aes256gcm16-sha2_256-ecp521,aes256-sha1-sha2_256-modp1024-ecp521
        esp=aes256gcm16-ecp521,aes256ctr-sha2_256-ecp521
        rekey=no
        dpdaction=clear
        fragmentation=yes
        keyexchange=ikev2
        type=tunnel
        leftauth=pubkey
        rightauth=pubkey
        leftcert=server.crt
        leftsendcert=always
        authby=pubkey
        reauth=no
conn transport
  type=transport
  leftprotoport=udp/l2tp
  rightprotoport=udp/%any


How can I prevent duplicate SAs from being installed?


swanctl -l:
transport: #307, ESTABLISHED, IKEv2, 33d5b4f621c1d7e4_i 6b766489df4e6be8_r*
  local  'CN=' @ 1.1.1.1[4500]
  remote 'C=' @ 2.2.2.2[4500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_521
  established 1565s ago
transport: #2833, reqid 292, REKEYED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128
    installed 1565s ago
    in  c60e9eaf, 597320317 bytes, 438354 packets,     0s ago
    out 0c7fcef1, 24187646 bytes, 240074 packets,     7s ago
    local  1.1.1.1/32[udp/l2f]
    remote 2.2.2.2/32[udp/l2f]
transport: #3035, reqid 292, INSTALLED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
    installed 108s ago
    in  c282733a,      0 bytes,     0 packets,     5s ago
    out 08735373,      0 bytes,     0 packets
    local  1.1.1.1/32[udp/l2f]
    remote 2.2.2.2/32[udp/l2f]
transport: #3038, reqid 292, INSTALLED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
    installed 93s ago
    in  c5aaccad,      0 bytes,     0 packets,     5s ago
    out 0b9a47ee,      0 bytes,     0 packets
    local  1.1.1.1/32[udp/l2f]
    remote 2.2.2.2/32[udp/l2f]
transport: #3043, reqid 292, INSTALLED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
    installed 72s ago
    in  cb17dcf3,      0 bytes,     0 packets,     5s ago
    out 04ccf002,      0 bytes,     0 packets
    local  1.1.1.1/32[udp/l2f]
    remote 2.2.2.2/32[udp/l2f]
transport: #3049, reqid 292, INSTALLED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
    installed 44s ago
    in  c0ed0e45,      0 bytes,     0 packets,     5s ago
    out 01d6f597,      0 bytes,     0 packets
    local  1.1.1.1/32[udp/l2f]
    remote 2.2.2.2/32[udp/l2f]
transport: #3052, reqid 292, INSTALLED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
    installed 27s ago
    in  c2a82d3b,      0 bytes,     0 packets,     5s ago
    out 0753eda2,      0 bytes,     0 packets
    local  1.1.1.1/32[udp/l2f]
    remote 2.2.2.2/32[udp/l2f]
transport: #3058, reqid 292, INSTALLED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
    installed 8s ago
    in  cd035006,      0 bytes,     0 packets,     5s ago
    out 0e360563,      0 bytes,     0 packets
    local  1.1.1.1/32[udp/l2f]
     remote 2.2.2.2/32[udp/l2f]
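
Added example, not part of the original post: a small Python parser for a `swanctl -l` listing like the one above. It groups INSTALLED CHILD_SAs by reqid and traffic selectors to show which entries are duplicates and whether they carry any traffic. It assumes the output layout exactly as pasted in the post; the function names are illustrative.

```python
import re
from collections import defaultdict
# Sample input: the first entries of the listing in the post, same layout.
SAMPLE = """\
transport: #307, ESTABLISHED, IKEv2, 33d5b4f621c1d7e4_i 6b766489df4e6be8_r*
transport: #2833, reqid 292, REKEYED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128
    installed 1565s ago
    in  c60e9eaf, 597320317 bytes, 438354 packets,     0s ago
    out 0c7fcef1, 24187646 bytes, 240074 packets,     7s ago
    local  1.1.1.1/32[udp/l2f]
    remote 2.2.2.2/32[udp/l2f]
transport: #3035, reqid 292, INSTALLED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
    installed 108s ago
    in  c282733a,      0 bytes,     0 packets,     5s ago
    out 08735373,      0 bytes,     0 packets
    local  1.1.1.1/32[udp/l2f]
    remote 2.2.2.2/32[udp/l2f]
transport: #3038, reqid 292, INSTALLED, TRANSPORT, ESP:AES_CTR-256/HMAC_SHA2_256_128/ECP_521
    installed 93s ago
    in  c5aaccad,      0 bytes,     0 packets,     5s ago
    out 0b9a47ee,      0 bytes,     0 packets
    local  1.1.1.1/32[udp/l2f]
    remote 2.2.2.2/32[udp/l2f]
"""
CHILD = re.compile(r"^\S+: #(\d+), reqid (\d+), (\w+),")
FIELD = re.compile(r"^\s+(in|out|local|remote)\s+(\S+)(?:\s+(\d+) bytes)?")

def parse_child_sas(text):
    """Return one dict per CHILD_SA block (assumes the layout pasted in the post)."""
    sas, cur = [], None
    for line in text.splitlines():
        if (m := CHILD.match(line)):
            cur = dict(id=int(m[1]), reqid=int(m[2]), state=m[3], bytes=0)
            sas.append(cur)
        elif not line[:1].isspace():   # IKE_SA header: skip its local/remote lines
            cur = None
        elif cur and (m := FIELD.match(line)):
            cur[m[1]] = m[2].rstrip(",")      # SPI or traffic selector
            cur["bytes"] += int(m[3] or 0)    # in + out byte counters
    return sas

def duplicate_groups(sas):
    """INSTALLED CHILD_SAs that share reqid and both selectors (2 or more)."""
    groups = defaultdict(list)
    for sa in (s for s in sas if s["state"] == "INSTALLED"):
        groups[sa["reqid"], sa.get("local"), sa.get("remote")].append(sa)
    return {k: v for k, v in groups.items() if len(v) > 1}

for key, grp in duplicate_groups(parse_child_sas(SAMPLE)).items():
    print(key, [(sa["id"], sa["bytes"]) for sa in grp])
```

Each reported group lists the CHILD_SA ids with their combined in/out byte count, so idle duplicates stand out next to the SA that still carries traffic.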
