Dear Colleagues,
What's the reason for strongSwan to create (sometimes) multiple SAs for
a single peer? Please see the example below where the "officeru3" peer
looks fine to me while the "officeru4" peer has an extraneous SA.
root@tunn:~# ipsec status | grep officeru3
officeru3{2}: ROUTED, TRANSPORT, reqid 2
officeru3{2}: x.x.x.x/32[gre] === y.y.y.y/32[gre]
officeru3[27]: ESTABLISHED 108 minutes ago,
x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
officeru3{83}: INSTALLED, TRANSPORT, reqid 2, ESP in UDP SPIs: c1f542b3_i
0e4df460_o
officeru3{83}: x.x.x.x/32[gre] === y.y.y.y/32[gre]
root@tunn:~#
root@tunn:~# ipsec status | grep officeru4
officeru4{3}: ROUTED, TRANSPORT, reqid 3
officeru4{3}: x.x.x.x/32[gre] === z.z.z.z/32[gre]
officeru4[30]: ESTABLISHED 60 minutes ago,
x.x.x.x[x.x.x.x]...z.z.z.z[z.z.z.z]
officeru4{82}: INSTALLED, TRANSPORT, reqid 3, ESP in UDP SPIs: c50d4bb3_i
0f33c281_o
officeru4{82}: x.x.x.x/32[gre] === z.z.z.z/32[gre]
officeru4[28]: ESTABLISHED 106 minutes ago,
x.x.x.x[x.x.x.x]...z.z.z.z[z.z.z.z]
officeru4{84}: INSTALLED, TRANSPORT, reqid 3, ESP in UDP SPIs: c02ebd2f_i
0a5e786d_o
officeru4{84}: x.x.x.x/32[gre] === z.z.z.z/32[gre]
root@tunn:~#
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
