I am not 100% sure yet, however the impression is, not more than 1.

FreeBSD 13.1-RELEASE
strongSwan 5.9.6

As soon as there is more than 1 connection having different virtual peer addresses connected to the same local address, the system suffers connection losses. From charon's point of view, the connections are still open, and there is nothing different with the SAs and the SPs, only the packet flow just stops. This happens with IKEv1 in transport mode (for L2TP/IPsec) and with IKEv2 in tunnel mode. When continuously pinging a respective peer from either side, the ping stalls after 5 to 25 min.

First I saw this with more than one IKEv2 tunnel. Only yesterday, I established an L2TP/IPsec connection to the same VPN server, while 2 IKEv2 tunnels were open. It started to work well as usual, only that the packet flow just stopped without further notice. The L2TP client dropped the connection after 27 min, but IPsec was already squeezed to no flow then for about 2 min.

Below are excerpts of ipsec.conf on the server side. The client sides are symmetrically similar.

Any ideas?

Best regards

Rolf

conn L2TP/IPsec-PSK
    keyexchange = ikev1
    type = transport
    leftauth = psk
    left = %defaultroute
    leftprotoport=17/1701
    rightauth = psk
    right = %any
    rightprotoport=17/%any
    auto = add

conn IKEv2-1-PSK
    keyexchange = ikev2
    mobike = no
    leftauth = psk
    leftid = [email protected]
    leftsubnet = 10.u.v.0/24
    rightauth = psk
    rightid = [email protected]
    right = %any
    rightsubnet = 10.x.y.0/24
    auto = add

conn IKEv2-2-PSK
    ...

conn IKEv2-3-PSK
    ...

etc.
