strongswan ikev2 issue in setting up tunnels
Hi,
There is an IPsec configuration made between two Linux machines (version 2.6.21.7).
The strongSwan version is 4.3.1. Configuration is done using IKEv2.
There is a rule r1 making use of tunnel v1.
Also there is a rule r2 making use of tunnel v2.
The same set of certificates is used by the two tunnels.
When the traffic hits the rule r1, IKE negotiations start and the child SA gets established. ESP packets start flowing.
But when traffic is sent which hits the rule r2, IKE negotiations now have to start from v2. Instead of that, charon says that the ike_sa already exists, and it tries to make this new IKE SA a child SA of the existing IKE SA and eventually fails.
To overcome this problem, reuse_ikesa = no is added to the strongswan.conf file. But with this configuration, when the traffic hits the rule r2, the old ike_sa got deleted and a new one got established.
But we want both the tunnels to be established at the same time, with the same set of certificates.
Any ideas?
Regards,
Sriram.