
List:       strongswan-users
Subject:    [strongSwan] a question with the IPsec tunnel established
From:       "=?gbk?B?w7fP4w==?=" <747201427 () qq ! com>
Date:       2013-02-22 9:27:49
Message-ID: tencent_7BD807103CF0B5FB625EB1CA () qq ! com


=======                        =========                       ========
| AP  | <====================> | router|<====================> |  GW  |
=======                        =========                       ========
First of all, CHILD_SA fap-psk is established between AP and GW, and the GW shows me this message:
******************************************************
Jan 31 19:44:47 (none) daemon.info charon: 78[IKE] CHILD_SA fap-psk{3} established with SPIs ca0b653f_i c1c43dbb_o and TS 10.1.0.0/16 172.16.15.0/24 === 10.23.100.1/32
Jan 31 19:44:47 (none) authpriv.info charon: 78[IKE] CHILD_SA fap-psk{3} established with SPIs ca0b653f_i c1c43dbb_o and TS 10.1.0.0/16 172.16.15.0/24 === 10.23.100.1/32
******************************************************

Then I let the AP restart. I found that the IPsec tunnel could not be established as usual, and I checked the messages on the GW:
******************************************************
Jan 31 19:49:18 (none) daemon.info charon: 130[KNL] unable to add SAD entry with SPI c1c43dbb: File exists (17)
Jan 31 19:49:18 (none) daemon.info charon: 130[IKE] unable to install outbound IPsec SA (SAD) in kernel
******************************************************
The SPI c1c43dbb is the same as last time.
But a minute later, the AP sent the init packet for IPsec again. This time, they could establish the IPsec tunnel with another SPI.

And my questions are:
1. After being restarted, is the AP allowed to send the same SPI?
2. Why could they not establish the IPsec tunnel with the same SPI?
3. Will they never be able to establish the IPsec tunnel if the AP always sends the same SPI to the GW? How can this situation be avoided?

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
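
An added example, not part of the original message and not strongSwan code: a small Python log check that ties a "File exists (17)" SAD error back to the CHILD_SA that installed the same SPI earlier, run over the log lines quoted in the message. The function names and the year 2013 (syslog omits the year) are assumptions of this example.

```python
import re
from datetime import datetime

# Log lines copied from the message above.
SAMPLE_LOG = """\
Jan 31 19:44:47 (none) daemon.info charon: 78[IKE] CHILD_SA fap-psk{3} established with SPIs ca0b653f_i c1c43dbb_o and TS 10.1.0.0/16 172.16.15.0/24 === 10.23.100.1/32
Jan 31 19:44:47 (none) authpriv.info charon: 78[IKE] CHILD_SA fap-psk{3} established with SPIs ca0b653f_i c1c43dbb_o and TS 10.1.0.0/16 172.16.15.0/24 === 10.23.100.1/32
Jan 31 19:49:18 (none) daemon.info charon: 130[KNL] unable to add SAD entry with SPI c1c43dbb: File exists (17)
Jan 31 19:49:18 (none) daemon.info charon: 130[IKE] unable to install outbound IPsec SA (SAD) in kernel
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
ESTABLISHED = re.compile(
    TS + r".*CHILD_SA (?P<name>\S+)\{(?P<id>\d+)\} established "
    r"with SPIs (?P<spi_in>[0-9a-f]{8})_i (?P<spi_out>[0-9a-f]{8})_o")
SAD_EXISTS = re.compile(
    TS + r".*\[KNL\] unable to add SAD entry with SPI "
    r"(?P<spi>[0-9a-f]{8}): File exists")

def parse_ts(ts, year=2013):
    # syslog omits the year; 2013 is an assumption taken from the mail's date
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_spi_collisions(log_text):
    """Return one record per SAD 'File exists' error whose SPI was already
    installed by an earlier CHILD_SA seen in the same log."""
    seen = {}        # spi -> (direction, child_sa, time first seen)
    collisions = []
    for line in log_text.splitlines():
        m = ESTABLISHED.search(line)
        if m:
            when = parse_ts(m["ts"])
            child = f'{m["name"]}{{{m["id"]}}}'
            # setdefault keeps the first sighting (the log repeats per facility)
            seen.setdefault(m["spi_in"], ("inbound", child, when))
            seen.setdefault(m["spi_out"], ("outbound", child, when))
            continue
        m = SAD_EXISTS.search(line)
        if m and m["spi"] in seen:
            direction, child, first = seen[m["spi"]]
            age = int((parse_ts(m["ts"]) - first).total_seconds())
            collisions.append({"spi": m["spi"], "held_by": child,
                               "direction": direction, "age_seconds": age})
    return collisions

if __name__ == "__main__":
    for c in find_spi_collisions(SAMPLE_LOG):
        print(c)
```
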

