Netgate Discussion Forum

    Same remote ID

      jcasanellas

      Hello,

      I have encountered a problem: I have to set up 3 IPsec tunnels, and each one, set up separately, comes up without problems.

      The problem is that they have the same remote ID, so only one can be up at a time, and it does not allow any other tunnel with the same remote ID.

      The reason for the same remote ID is that the operator Movistar has provided us the data in this way.

      With a different remote ID configured, the VPN does not work.

      Thank you very much

      regards

        jcasanellas

        Hello again,

        The problem is that I have multiple tunnels, but these lines have Movistar IP telephony.

        So Movistar gives me the identical peer for all the clients; although the client IP is different, I have to sign with the same IP.
        The remote gateway is different for all tunnels; only the peer identifier for the signature is the same.

        I bring up the first tunnel without problems, but bringing up the second causes it not to work until I restart pfSense.

        I found an article that I think is similar to my problem, but I cannot see how to configure it in pfSense.

        https://aravindkrishnaswamy.wordpress.com/tag/multiple-vpn-tunnels-with-strongswan/

        Enclosed is a capture showing what I am referring to.

        Captura.PNG

          jcasanellas

          With the same peer, I see in the log that it automatically destroys the previous tunnel. Is there any way to disable this so that it does not delete the previous peer?
          The error is "Destroying duplicate IKE_SA peer"

          I have the uniqueid option set to "no".

          Can you help me? Thank you very much.

            jimp Rebel Alliance Developer Netgate

            You are unlikely to succeed unless the remotes can have different identifiers.

              jcasanellas

              Currently I have this configuration set up by the provider Gigas, i.e. it has to be possible, but I cannot find the option.

              I'm still searching, I'm going to test directly with strongswan to see if I can narrow down the problem further.

              The problem of having the same peer is caused by the Movistar provider when using its virtual PBX.

              Thank you.

                jcasanellas

                @jimp:

                You are unlikely to succeed unless the remotes can have different identifiers.

                I found this parameter in strongSwan.
                https://wiki.strongswan.org/projects/strongswan/wiki/Duplicheck

                Is it possible to make this work? I did not find it in the pfSense web GUI…

                  jcasanellas

                  Hello,

                  I'm working with strongSwan on a Debian distribution,

                  with this .conf file:

                  config setup

                  conn c5domain
                          type=tunnel
                          left=81.25.126.250
                          leftsubnet=10.200.1.0/24
                          leftid=82.125.124.251
                          right=c5.domain.es
                          rightid=219.129.126.161
                          rightsubnet=192.168.220.0/24
                          installpolicy = yes
                          # Encryption
                          dpdaction = restart
                          dpddelay = 10s
                          dpdtimeout = 60s
                          #keyingtries=0
                          esp=3des-sha1-modp1024
                          ike=3des-sha1-modp1024
                          authby=secret
                          keyexchange=ikev2
                          rekey=yes
                          reauth=yes
                          forceencaps=no
                          mobike=no
                          fragmentation=yes
                          #lifetime
                          ikelifetime=28800s
                          lifetime=28800s
                          auto=route

                  I tested it and it works fine.

                  But when I configure it in pfSense, it does not work.
                  On Linux the strongSwan version is US5.2.1/K3.16.0

                  On FreeBSD it is strongSwan U5.5.1/K10.3

                  Can you help me?

                  Next week I will test editing the files manually.

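The condition discussed in this thread, several tunnels whose peers present the same remote ID, can be checked offline in a classic `ipsec.conf` before loading it. The script below is an added example, not code from the thread or from pfSense/strongSwan: the function names are hypothetical, the sample config is constructed with documentation addresses, and the `uniqueids` default follows strongSwan's `ipsec.conf` documentation.

```python
from collections import defaultdict

# Constructed sample in ipsec.conf syntax; names, IDs and addresses are placeholders.
SAMPLE_CONF = """\
config setup
        uniqueids=no

conn site-a
        right=198.51.100.10
        rightid=192.0.2.1

conn site-b
        right=198.51.100.20
        rightid=192.0.2.1

conn site-c
        right=198.51.100.30
        rightid=192.0.2.99
"""

def parse_ipsec_conf(text):
    """Return {"config setup" | "conn <name>": {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line starts a section
            current = sections.setdefault(" ".join(line.split()[:2]), {})
        elif current is not None and "=" in line: # indented "key = value"
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def shared_remote_ids(text):
    """Return (uniqueids setting, {rightid: [conn names]}) for IDs used by >1 conn."""
    sections = parse_ipsec_conf(text)
    # Documented default is "yes": a new IKE_SA with a known ID replaces the old one.
    uniqueids = sections.get("config setup", {}).get("uniqueids", "yes")
    by_id = defaultdict(list)
    for name, opts in sections.items():
        if name.startswith("conn ") and "rightid" in opts:
            by_id[opts["rightid"]].append(name[len("conn "):])
    return uniqueids, {rid: n for rid, n in by_id.items() if len(n) > 1}

if __name__ == "__main__":
    mode, clashes = shared_remote_ids(SAMPLE_CONF)
    for rid, names in clashes.items():
        print(f"rightid {rid} shared by {names}; uniqueids={mode}")
```

Per the strongSwan documentation, `uniqueids=no` still replaces an existing IKE_SA when the peer sends an INITIAL_CONTACT notify, while `never` ignores those notifies, so the reported setting matters when a shared ID is flagged.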