Issue #795
pool is full, unable to assign address problem
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Affected version:
5.2.0
Resolution:
Description
Through the command "ipsec statusall" view IP pool is not full, but when "offline" display of "0", the user login that log will be the problem of the "pool is full, unable to assign address"
ipsec statusall:
Status of IKE charon daemon (strongSwan 5.2.0, Linux 3.10.0-123.el7.x86_64, x86_64): uptime: 8 days, since Dec 12 06:07:40 2014 malloc: sbrk 22016000, mmap 528384, used 19777232, free 2238768 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 44291 loaded plugins: charon test-vectors aes des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-md5 eap-mschapv2 eap-radius xauth-generic xa uth-eap Virtual IP pools (size/online/offline): 10.3.30.0/23: 510/218/0 Listening IP addresses: 20.104.136.165 20.104.136.167
strongswan log:
Dec 20 12:56:25 07[CFG] <win7%android0|28705> pool '10.3.30.0/23' is full, unable to assign address Dec 20 12:56:25 07[IKE] <win7%android0|28705> no virtual IP found for %any requested by 'someone' Dec 20 12:56:25 07[IKE] <win7%android0|28705> no virtual IP found, sending INTERNAL_ADDRESS_FAILURE Dec 20 12:56:25 07[IKE] <win7%android0|28705> configuration payload negotiation failed, no CHILD_SA built
Related issues
History
#1 Updated by junke jiang over 10 years ago
ipsec.conf:
config setup
uniqueids=never
conn %default
keyingtries=3
dpdaction=clear
dpddelay=30s
dpdtimeout=120s
leftsubnet=0.0.0.0/0
right=%any
eap_identity=%identity
reauth=no
ikelifetime=24h
lifetime=24h
rekey=no
auto=add
leftupdown="/etc/ipsec.updown"
conn ios_ca
keyexchange=ikev1
rightauth=pubkey
rightauth2=xauth-eap
xauth=server
conn ios_psk
keyexchange=ikev1
authby=xauthpsk
leftauth=psk
rightauth=psk
xauth=server
rightauth2=xauth-eap
conn win7%android
ike=aes128-sha1-modp1024!
esp=aes128-sha1!
leftauth=pubkey
rightauth=eap-radius
rightsendcert=never
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
keyexchange=ikev1
authby=xauthpsk
leftauth=psk
rightauth=psk
keyingtries=3
rightauth2=xauth-eap
right=%any
type=tunnel
leftprotoport=17/1701
rightprotoport=17/%any
#2 Updated by junke jiang over 10 years ago
ipsec leases:
Leases in pool '10.3.30.0/23', usage: 218/510, 218 online
10.3.30.104 online '279*******com'
10.3.30.208 online 'zwq*******com'
10.3.30.138 online 'liuy*******com'
10.3.30.201 online 'kata*******com'
10.3.30.202 online '445164*******com'
10.3.30.84 online '163877*******com'
10.3.30.128 online 'anginwei*******com'
10.3.30.240 online 'idleon*******com'
10.3.30.210 online 'zihanhuanshen*******com'
... ...
all online,no one offline.
#3 Updated by junke jiang over 10 years ago
strongswan 5.2.1 has the same problem
#4 Updated by Tobias Brunner over 10 years ago
- Related to Bug #764: Report IP pool is full even not so much user online! added
#5 Updated by Tobias Brunner over 10 years ago
- Related to deleted (Bug #764: Report IP pool is full even not so much user online!)
#6 Updated by Tobias Brunner over 10 years ago
- Is duplicate of Bug #764: Report IP pool is full even not so much user online! added
#7 Updated by Tobias Brunner over 10 years ago
- Status changed from New to Closed