    Same remote ID

    IPsec
    • J
      jcasanellas last edited by

      Hello,

      I have encountered a problem: I have to set up 3 IPsec tunnels. Set up separately, they all come up without problems.

      The problem is that they have the same remote ID, so only one can be up at a time; it does not allow any other tunnel with the same remote ID.

      The reason for the same remote ID is that the operator, Movistar, has provided us the data in this way.

      With a different remote ID configured, the VPN does not work.

      Thank you very much

      regards

      1 Reply Last reply Reply Quote 0
      • J
        jcasanellas last edited by

        Hello again,

        The problem is that I have multiple tunnels, but these lines have Movistar IP telephony.

        So Movistar gives me the identical peer for all the clients; although the client IP is different, I have to sign with the same IP.
        The remote gateway is different for all tunnels; only the peer identifier for the signature is the same.

        I bring up the first tunnel without problems, but bringing up the second causes it not to work until I restart pfSense.

        I found an article that I think is similar to my problem, but I cannot see how to configure it in pfSense.

        https://aravindkrishnaswamy.wordpress.com/tag/multiple-vpn-tunnels-with-strongswan/

        Enclosed are captures of what I am referring to.


        1 Reply Last reply Reply Quote 0
        • J
          jcasanellas last edited by

          With the same peer, I see in the log that it automatically destroys the previous tunnel. Is there any way to disable this so that it does not delete the previous peer?
          The error is "Destroying duplicate IKE_SA peer"

          I have the uniqueid option set to "no".

          Can you help me? Thank you very much.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            You are unlikely to succeed unless the remotes can have different identifiers.

            1 Reply Last reply Reply Quote 0
            • J
              jcasanellas last edited by

              Currently I have this configuration set up by the provider Gigas, i.e. it has to be possible; I just cannot find the option.

              I'm still searching, I'm going to test directly with strongswan to see if I can narrow down the problem further.

              The problem of having the same peer is caused by the Movistar provider when using its virtual PBX.

              Thank you.

              1 Reply Last reply Reply Quote 0
              • J
                jcasanellas last edited by

                @jimp:

                You are unlikely to succeed unless the remotes can have different identifiers.

                I found this parameter in strongSwan.
                https://wiki.strongswan.org/projects/strongswan/wiki/Duplicheck

                Is it possible to get this working? I cannot find it in the pfSense web GUI…

                1 Reply Last reply Reply Quote 0
                • J
                  jcasanellas last edited by

                  Hello,

                  I'm working with strongSwan on a Debian distribution,

                  with this file.conf:

                  config setup

                  conn c5domain
                          type=tunnel
                          left=81.25.126.250
                          leftsubnet=10.200.1.0/24
                          leftid=82.125.124.251
                          right=c5.domain.es
                          rightid=219.129.126.161
                          rightsubnet=192.168.220.0/24
                          installpolicy=yes
                          # Encryption
                          dpdaction=restart
                          dpddelay=10s
                          dpdtimeout=60s
                          #keyingtries=0
                          esp=3des-sha1-modp1024
                          ike=3des-sha1-modp1024
                          authby=secret
                          keyexchange=ikev2
                          rekey=yes
                          reauth=yes
                          forceencaps=no
                          mobike=no
                          fragmentation=yes
                          # Lifetime
                          ikelifetime=28800s
                          lifetime=28800s
                          auto=route

                  I tested it and it works fine.

                  But when I configure it in pfSense it does not work.
                  On Linux the strongSwan version is US5.2.1/K3.16.0

                  On FreeBSD, strongSwan U5.5.1/K10.3

                  Can you help me?

                  Next week I will test editing the files manually.

                  1 Reply Last reply Reply Quote 0
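Added example (not part of the thread, and not pfSense or strongSwan code): a small Python check that parses ipsec.conf-style text, groups conn sections by rightid, and reports the uniqueids value from config setup. Per the strongSwan ipsec.conf man page, uniqueids=no still replaces old IKE_SAs when an INITIAL_CONTACT notify is received, while uniqueids=never ignores those notifies. The sample configuration, connection names and addresses are constructed.

```python
from collections import defaultdict

# Constructed sample: tunnels to different gateways, two of which present
# the same peer identifier (documentation addresses, hypothetical names).
SAMPLE = """\
config setup
        uniqueids=no

conn site-a
        right=198.51.100.10
        rightid=203.0.113.1
        rightsubnet=192.168.10.0/24

conn site-b
        right=198.51.100.20
        rightid = 203.0.113.1
        rightsubnet=192.168.20.0/24

conn site-c
        right=198.51.100.30
        rightid=203.0.113.99
"""

def parse_ipsec_conf(text):
    """Return {section_header: {key: value}} for ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a section
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def shared_remote_ids(text):
    """Report uniqueids and every rightid used by more than one conn."""
    sections = parse_ipsec_conf(text)
    # strongSwan treats a missing uniqueids as "yes"
    uniqueids = sections.get("config setup", {}).get("uniqueids", "yes")
    by_id = defaultdict(list)
    for header, params in sections.items():
        if header.startswith("conn ") and "rightid" in params:
            by_id[params["rightid"]].append(header[5:])
    shared = {rid: names for rid, names in by_id.items() if len(names) > 1}
    # Only "never" makes the daemon ignore INITIAL_CONTACT notifies
    return {"uniqueids": uniqueids, "shared": shared,
            "ignores_initial_contact": uniqueids == "never"}
```

Any rightid listed under "shared" while "ignores_initial_contact" is false marks tunnels where a new IKE_SA from one peer can tear down the established IKE_SA of another.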