Same remote ID



  • Hello,

    I have run into a problem. I have to set up 3 IPsec tunnels; each one, configured separately, comes up without problems.

    The problem is that they have the same remote ID, so only one can be up at a time, and it does not allow any other tunnel with the same remote ID.

    The reason for the same remote ID is that the operator Movistar has provided us the data in this way.

    With a different remote ID configured, the VPN does not work.

    Thank you very much

    Regards



  • Hello again,

    The problem is that I have multiple tunnels, but these lines have Movistar IP telephony.

    So Movistar gives me the identical peer for all the clients; although the client IP is different, I have to sign with the same IP.
    The remote gateway is different for all tunnels; only the peer identifier for signature is the same.

    I bring up the first tunnel without problems; bringing up the second makes it stop working until I restart pfSense.

    I found an article that I think is similar to my problem, but I cannot see how to configure it in pfSense.

    https://aravindkrishnaswamy.wordpress.com/tag/multiple-vpn-tunnels-with-strongswan/

    Enclosed are captures of what I am referring to.




  • With the same peer, I see in the log that it auto-destroys the previous tunnel. Is there any way to disable that so it does not delete the previous peer?
    The error is "Destroying duplicate IKE_SA peer"

    I have the uniqueid option set to "no".

    Can you help me? Thank you very much.


  • Rebel Alliance Developer Netgate

    You are unlikely to succeed unless the remotes can have different identifiers.



  • Currently I have this configuration set up by the provider Gigas, i.e. it has to be possible, but I cannot find the option.

    I'm still searching, I'm going to test directly with strongswan to see if I can narrow down the problem further.

    The problem of having the same peer is caused by the Movistar provider when using its virtual PBX.

    Thank you.



  • @jimp:

    You are unlikely to succeed unless the remotes can have different identifiers.

    I found this parameter in strongSwan.
    https://wiki.strongswan.org/projects/strongswan/wiki/Duplicheck

    Is it possible to get it working? I did not find it in the pfSense web GUI…



  • Hello,

    I'm working with strongSwan on a Debian distribution.

    With this file.conf:

    config setup

    conn c5domain
            type=tunnel
            left=81.25.126.250
            leftsubnet=10.200.1.0/24
            leftid=82.125.124.251
            right=c5.domain.es
            rightid=219.129.126.161
            rightsubnet=192.168.220.0/24
            installpolicy = yes
            # Encryption
            dpdaction = restart
            dpddelay = 10s
            dpdtimeout = 60s
            #keyingtries=0
            esp=3des-sha1-modp1024
            ike=3des-sha1-modp1024
            authby=secret
            keyexchange=ikev2
            rekey=yes
            reauth=yes
            forceencaps=no
            mobike=no
            fragmentation=yes
            #lifetime
            ikelifetime=28800s
            lifetime=28800s
            auto=route

    I tested it and it works fine.

    But when I configure it in pfSense, it does not work.
    On Linux the strongSwan version is US5.2.1/K3.16.0

    On FreeBSD, strongSwan U5.5.1/K10.3

    Can you help me?

    Next week I will test editing the files manually.
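
The situation discussed in this thread, as an added example that is not part of any post and is not pfSense or strongSwan code: a Python check that parses an ipsec.conf, lists remote identifiers claimed by more than one conn, and reports the documented effect of the `uniqueids` setting on such duplicates. The sample config, its addresses and conn names are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample (documentation addresses), not the config from the thread.
SAMPLE_CONF = """\
config setup
        uniqueids=no
conn site-a
        right=198.51.100.10
        rightid=203.0.113.1
conn site-b
        right=198.51.100.20
        rightid=203.0.113.1   # same peer identifier as site-a
conn site-c
        right=198.51.100.30
"""

# Documented effect of each uniqueids value in the ipsec.conf "config setup" section.
POLICY = {
    "yes": "a new IKE_SA with this ID replaces the existing one",
    "replace": "a new IKE_SA with this ID replaces the existing one",
    "keep": "a new IKE_SA with this ID is rejected, the existing one stays",
    "no": "the existing IKE_SA is replaced only on an INITIAL_CONTACT notify",
    "never": "INITIAL_CONTACT is ignored and uniqueness is not enforced",
}

def parse_ipsec_conf(text):
    """Return {(type, name): {key: value}}; 'also=' and %default are not resolved."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments
        if line and not line[0].isspace():          # unindented line opens a section
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:   # indented key=value
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return (uniqueids, effect, {remote_id: [conns]}) for IDs shared by several conns."""
    sections = parse_ipsec_conf(text)
    mode = sections.get(("config", "setup"), {}).get("uniqueids", "yes")
    by_id = defaultdict(list)
    for (kind, name), opts in sections.items():
        rid = opts.get("rightid", opts.get("right"))  # rightid defaults to right
        if kind == "conn" and name != "%default" and rid:
            by_id[rid].append(name)
    shared = {rid: names for rid, names in by_id.items() if len(names) > 1}
    return mode, POLICY.get(mode, "unknown value"), shared
```

Calling `audit()` on the text of the generated ipsec.conf shows which conns collide on a remote ID before the tunnels are brought up.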