Same remote ID

jcasanellas

Hello,

I encounter a problem I have to do 3 tunnels ipsec, all perfectly set up separately upload them without problems.

The problem is that they have the same remote ID, so there can only be one raised and does not let any other tunnel with the same remote ID.

The reason for the same remote ID is because the operator Movistar has provided us the data in this way.

Configuring a different remote ID does not work the VPN.

Thank you very much

regards

jcasanellas

Hello again,

The problem is that I have multiple tunnels, but these lines have movistar ip telephony.

So that movistar gives me the identical Peer in all the clients although the client ip is another I have to sign with the same ip.
The remote gateway is diferent for all tunnels, only same peer identifier for signature.

I raise the first tunnel without problems to raise the second causes me not to work until I restart the pfsense.

I found an article that I think is similar to my problem but I can not see how to configure it in pfsense.

Https://aravindkrishnaswamy.wordpress.com/tag/multiple-vpn-tunnels-with-strongswan/

Enclosed captures what I am referring to.

jcasanellas

When having the same peer in log I see that autodestruye the previous tunnel, is there any way to be able to disable that does not delete the previous peer?
The error is "Destroying duplicate IKE_SA peer"

I have the option in "no" of uniqueid

can you help me? thank you very much

jimp

You are unlikely to succeed unless the remotes can have different identifiers.

jcasanellas

Currently I have this configuration configured by the provider Gigas, ie it has to be possible, which I can not find the option.

I'm still searching, I'm going to test directly with strongswan to see if I can narrow down the problem further.

The problem of having the same peer is caused by the Movistar provider when using its virtual PBX.

Thank you.

jcasanellas

@jimp:

You are unlikely to succeed unless the remotes can have different identifiers.

Im found this parameter in strongswan.
https://wiki.strongswan.org/projects/strongswan/wiki/Duplicheck

Its possible working? Not found in gui web interfaces in pfsense…

jcasanellas

Hello,

Im working in strongswan in a debian distribution.

with this file.conf

config setup

conn c5domain

type=tunnel
        left=81.25.126.250
        leftsubnet=10.200.1.0/24
        leftid=82.125.124.251
        right=c5.domain.es
        rightid=219.129.126.161
        rightsubnet=192.168.220.0/24
        installpolicy = yes

#Encriptacio
        dpdaction = restart
        dpddelay = 10s
        dpdtimeout = 60s
        #keyingtries=0
        esp=3des-sha1-modp1024
        ike=3des-sha1-modp1024
        authby=secret
        keyexchange=ikev2
        rekey=yes
        reauth=yes
        forceencaps=no
        mobike=no
        fragmentation=yes
        #lifetime

ikelifetime=28800s
        lifetime=28800s
        auto=route

I'm test and work fine.

but i'm configure in pfsense not working.
In linux version strongswan is US5.2.1/K3.16.0

In FreeBSD strongSwan U5.5.1/K10.3

Can you help me?

Next week i'm test edit files manualy.