Network connections are displayed multiple times in IPSec 26.1.9.

Lochkartenknipser · June 14, 2026, 01:18:16 PM

Hi,

After updating from 26.1.8 to 26.1.9, 5 Phase 2 connections are displayed for a single IPSec connection.

You cannot view this attachment.

Settings from Phase 2:

You cannot view this attachment.

The same applies to the SA database.
The SP database is normal, with one relationship for each source and destination.

In version 26.1.8, the relationships were unique and not listed multiple times.
Has something changed in version 26.1.9?

Markus

franco · June 14, 2026, 01:51:48 PM

Hi Markus,

Cedrik may be more helpful with interpreting the output, but I can confidently say that nothing was changed in the IPsec code.

Cheers,
Franco

Monviech (Cedrik) · June 14, 2026, 09:19:32 PM

The only thing I know here that it's generally not a problem because the latest installed SA wins.

Duplicate SAs can be normal during rekeying.

Check your logs if you can find the reason why multiple SAs have been created, there should be some evidence.

Trap+Start as start action could be changed to "Start" if you want to be initiator or "None" if the other side should initiate. Finding out who is the best initiator can help with some of these quirks.

Network connections are displayed multiple times in IPSec 26.1.9.

Lochkartenknipser

June 14, 2026, 01:18:16 PM

franco

June 14, 2026, 01:51:48 PM #1

Monviech (Cedrik)

June 14, 2026, 09:19:32 PM #2