reqid setting is ignored since strongSwan 5.3.0
I have several net-to-net and host-to-net tunnel-esp-connections in use with fixed reqids and fixed iptables-rules related to the connections.
After updating strongSwan from version 5.2.2 to 5.3.0, I recognized that I can't reach hosts on the other sites, while the SAs are established. While analyzing the problem, I saw that the reqid settings in ipsec.conf are ignored and the SAs use reqids incremented from one, which makes my iptables-rules useless.
Is this related to the new global CHILD_SA reqid allocation mechanism? Is there any workaround?
With kind regards
Here is a cutout of my config from one site:
#1 Updated by Martin Willi over 5 years ago
- Tracker changed from Issue to Bug
- Status changed from New to Feedback
- Assignee set to Martin Willi
Thanks for your bug report. In fact it seems to be true that fixed reqids are broken in 5.3.0 due to the reqid allocation refactorings.
You may try this patch to fix the issue.
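A check for the symptom reported above, comparing the reqids fixed in ipsec.conf and referenced by iptables rules against the reqids shown by `ip xfrm policy`. This is an added example, not part of the thread and not the patch mentioned above; it assumes the firewall rules use `-m policy --reqid`, and the conn names, addresses and sample outputs are constructed.

```python
import re

# All three inputs are constructed samples, not taken from the thread.
IPSEC_CONF = """\
conn site-b
    reqid=100
conn roadwarrior
    reqid=200
"""
# Shape of `ip xfrm policy` output when reqids were allocated from 1 upward.
XFRM_POLICY = """\
src 10.2.0.0/16 dst 10.1.0.0/16
\tdir fwd priority 2883 ptype main
\ttmpl src 198.51.100.1 dst 192.0.2.1
\t\tproto esp reqid 1 mode tunnel
src 10.3.0.5/32 dst 10.1.0.0/16
\tdir fwd priority 2851 ptype main
\ttmpl src 203.0.113.7 dst 192.0.2.1
\t\tproto esp reqid 2 mode tunnel
"""
# Shape of `iptables-save` output with rules pinned to the configured reqids.
IPTABLES_SAVE = """\
-A FORWARD -m policy --dir in --pol ipsec --reqid 100 --proto esp -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec --reqid 200 --proto esp -j ACCEPT
"""

def configured_reqids(conf):
    """Map each conn name to the fixed reqid set in ipsec.conf text."""
    reqids, conn = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := re.match(r"conn\s+(\S+)", line):
            conn = m.group(1)
        elif conn and (m := re.match(r"reqid\s*=\s*(\d+)$", line)):
            reqids[conn] = int(m.group(1))
    return reqids

def numbers_after(keyword, text):
    """Collect every integer that follows `keyword` in command output."""
    return {int(n) for n in re.findall(re.escape(keyword) + r"\s+(\d+)", text)}

def audit(conf, xfrm, rules):
    """Return (conns whose reqid is absent from the kernel, rule reqids matching no policy)."""
    kernel = numbers_after("reqid", xfrm)
    ignored = {c: r for c, r in configured_reqids(conf).items() if r not in kernel}
    return ignored, sorted(numbers_after("--reqid", rules) - kernel)

if __name__ == "__main__":
    print(audit(IPSEC_CONF, XFRM_POLICY, IPTABLES_SAVE))
```

On a live gateway the three strings would come from the ipsec.conf file, `ip xfrm policy` and `iptables-save`; two empty results mean the fixed reqids are being honoured.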