Same remote ID
-
Hello,
I encounter a problem I have to do 3 tunnels ipsec, all perfectly set up separately upload them without problems.
The problem is that they have the same remote ID, so there can only be one raised and does not let any other tunnel with the same remote ID.
The reason for the same remote ID is because the operator Movistar has provided us the data in this way.
Configuring a different remote ID does not work the VPN.
Thank you very much
regards
-
Hello again,
The problem is that I have multiple tunnels, but these lines have movistar ip telephony.
So that movistar gives me the identical Peer in all the clients although the client ip is another I have to sign with the same ip.
The remote gateway is diferent for all tunnels, only same peer identifier for signature.I raise the first tunnel without problems to raise the second causes me not to work until I restart the pfsense.
I found an article that I think is similar to my problem but I can not see how to configure it in pfsense.
Https://aravindkrishnaswamy.wordpress.com/tag/multiple-vpn-tunnels-with-strongswan/
Enclosed captures what I am referring to.
-
When having the same peer in log I see that autodestruye the previous tunnel, is there any way to be able to disable that does not delete the previous peer?
The error is "Destroying duplicate IKE_SA peer"I have the option in "no" of uniqueid
can you help me? thank you very much
-
You are unlikely to succeed unless the remotes can have different identifiers.
-
Currently I have this configuration configured by the provider Gigas, ie it has to be possible, which I can not find the option.
I'm still searching, I'm going to test directly with strongswan to see if I can narrow down the problem further.
The problem of having the same peer is caused by the Movistar provider when using its virtual PBX.
Thank you.
-
You are unlikely to succeed unless the remotes can have different identifiers.
Im found this parameter in strongswan.
https://wiki.strongswan.org/projects/strongswan/wiki/DuplicheckIts possible working? Not found in gui web interfaces in pfsense…
-
Hello,
Im working in strongswan in a debian distribution.
with this file.conf
config setup
conn c5domain
type=tunnel
left=81.25.126.250
leftsubnet=10.200.1.0/24
leftid=82.125.124.251
right=c5.domain.es
rightid=219.129.126.161
rightsubnet=192.168.220.0/24
installpolicy = yes#Encriptacio
dpdaction = restart
dpddelay = 10s
dpdtimeout = 60s
#keyingtries=0
esp=3des-sha1-modp1024
ike=3des-sha1-modp1024
authby=secret
keyexchange=ikev2
rekey=yes
reauth=yes
forceencaps=no
mobike=no
fragmentation=yes
#lifetimeikelifetime=28800s
lifetime=28800s
auto=routeI'm test and work fine.
but i'm configure in pfsense not working.
In linux version strongswan is US5.2.1/K3.16.0In FreeBSD strongSwan U5.5.1/K10.3
Can you help me?
Next week i'm test edit files manualy.