Using strongSwan as VPN server to supervised (always-on) iOS VPN clients. Two associations to the server are established by iOS clients. Why?


I’m using rightsourceip=%dhcp on the server so two clients cannot have the same leftid.



Prior to using rightsourceip=%dhcp, I used uniqueids=never and 10.0.2.0/24 to allow multiple clients with the same leftid, but that doesn’t appear to work with rightsourceip=%dhcp (am I doing something wrong?).



Looks like supervised (always-on) iOS VPN clients establish two associations, one over LTE and one over Wi-Fi... which breaks connectivity to the VPN server. Guess the server doesn’t know to which association the packets have to be sent... and perhaps iOS isn’t listening on both interfaces once Wi-Fi is up.



How can I fix this? Also, what does rekeying disabled mean?



Security Associations (5 up, 0 connecting):
ikev2[7]: ESTABLISHED 65 seconds ago, 159.203.26.109[my-vpn.com]...207.46.13.62[client@my-vpn.com]
ikev2[7]: IKEv2 SPIs: 0a53e7fec5e65e2b_i 2d03da3fce35f91c_r*, rekeying disabled
ikev2[7]: IKE proposal: AES_GCM_16_256/PRF_HMAC_SHA2_384/MODP_3072
ikev2{7}: INSTALLED, TUNNEL, reqid 5, ESP in UDP SPIs: c468b92b_i 00006960_o
ikev2{7}: AES_GCM_16_256, 8795 bytes_i (22 pkts, 0s ago), 4983 bytes_o (19 pkts, 41s ago), rekeying disabled
ikev2{7}: 0.0.0.0/0 === 10.0.2.13/32
ikev2[6]: ESTABLISHED 65 seconds ago, 159.203.26.109[my-vpn.com]...157.55.39.61[client@my-vpn.com]
ikev2[6]: IKEv2 SPIs: e2a7434252a49075_i fe57e34b97ba086e_r*, rekeying disabled
ikev2[6]: IKE proposal: AES_GCM_16_256/PRF_HMAC_SHA2_384/MODP_3072
ikev2{6}: INSTALLED, TUNNEL, reqid 5, ESP in UDP SPIs: cdc9dd9c_i 0ec723e6_o
ikev2{6}: AES_GCM_16_256, 8170 bytes_i (122 pkts, 0s ago), 0 bytes_o, rekeying disabled
ikev2{6}: 0.0.0.0/0 === 10.0.2.13/32









      ios strongswan






edited Jun 6 at 11:10
Glorfindel

asked Jun 5 at 16:52
sunknudsen

          1 Answer
          If a peer creates multiple IKE_SAs with the same identity, and it isn't prevented via uniqueness policy, this requires multiple virtual IPs per client to work properly (as you noted, the server can only send packets addressed to the virtual IP through one of the two tunnels).



          So assigning static leases with backends like DHCP or RADIUS could be tricky as they usually have a 1:1 mapping of identity to IP address. Depending on the DHCP/RADIUS server implementation it might be possible to let them assign multiple IPs to the same identity (e.g. by configuring multiple static leases, or by considering other parameters besides the identity, refer to the respective documentation). Otherwise, you have to change the backend server's configuration (and in case of DHCP the plugin's) so dynamic leases are assigned to the clients.




          Also, what does rekeying disabled mean?




          That active rekeying is disabled in the configuration (e.g. via rekey=no). The IKE daemon will still respond to rekeying requests from the clients.






answered Jun 6 at 8:09
ecdsa

• Thanks ecdsa! So my understanding is that I cannot use identity_lease = yes in /etc/strongswan.conf and use the iOS native always-on VPN feature as it initiates two associations using the same leftid so inherently the same virtual MAC address (which causes the packet routing issue), correct?
  – sunknudsen
  Jun 6 at 11:15

• Yep, you got it.
  – ecdsa
  Jun 6 at 13:11
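As an added example (not part of the question, the answer or strongSwan itself), here is a small Python check that parses `ipsec statusall` output and flags exactly the condition ecdsa describes: more than one IKE_SA for the same remote identity holding the same virtual IP. The embedded sample is the asker's status excerpt with the CHILD_SA braces restored (strongSwan prints IKE_SAs as `name[N]` and CHILD_SAs as `name{N}`); the function names, the record fields and the assumption that each IKE_SA's CHILD_SA lines directly follow its own lines are mine, and the regular expressions only know the line shapes visible in that excerpt.

```python
import re
import sys
from collections import defaultdict

# Constructed sample: the asker's `ipsec statusall` excerpt with the CHILD_SA
# braces restored (strongSwan prints IKE_SAs as name[N], CHILD_SAs as name{N}).
SAMPLE_STATUS = """\
Security Associations (5 up, 0 connecting):
ikev2[7]: ESTABLISHED 65 seconds ago, 159.203.26.109[my-vpn.com]...207.46.13.62[client@my-vpn.com]
ikev2[7]: IKEv2 SPIs: 0a53e7fec5e65e2b_i 2d03da3fce35f91c_r*, rekeying disabled
ikev2[7]: IKE proposal: AES_GCM_16_256/PRF_HMAC_SHA2_384/MODP_3072
ikev2{7}: INSTALLED, TUNNEL, reqid 5, ESP in UDP SPIs: c468b92b_i 00006960_o
ikev2{7}: AES_GCM_16_256, 8795 bytes_i (22 pkts, 0s ago), 4983 bytes_o (19 pkts, 41s ago), rekeying disabled
ikev2{7}: 0.0.0.0/0 === 10.0.2.13/32
ikev2[6]: ESTABLISHED 65 seconds ago, 159.203.26.109[my-vpn.com]...157.55.39.61[client@my-vpn.com]
ikev2[6]: IKEv2 SPIs: e2a7434252a49075_i fe57e34b97ba086e_r*, rekeying disabled
ikev2[6]: IKE proposal: AES_GCM_16_256/PRF_HMAC_SHA2_384/MODP_3072
ikev2{6}: INSTALLED, TUNNEL, reqid 5, ESP in UDP SPIs: cdc9dd9c_i 0ec723e6_o
ikev2{6}: AES_GCM_16_256, 8170 bytes_i (122 pkts, 0s ago), 0 bytes_o, rekeying disabled
ikev2{6}: 0.0.0.0/0 === 10.0.2.13/32
"""

# Line shapes as they appear in the excerpt above; any other line is ignored.
IKE_SA_RE = re.compile(r"^\S+\[(?P<id>\d+)\]: ESTABLISHED .*?, \S+?\[[^\]]+\]"
                       r"\.\.\.(?P<rhost>\S+?)\[(?P<rid>[^\]]+)\]$")
CHILD_HDR_RE = re.compile(r"^\S+\{(?P<id>\d+)\}: INSTALLED, \S+, reqid (?P<reqid>\d+),")
CHILD_BYTES_RE = re.compile(r"^\S+\{\d+\}: \S+, \d+ bytes_i.*?, (?P<bo>\d+) bytes_o")
CHILD_TS_RE = re.compile(r"^\S+\{\d+\}: \S+ === (?P<rts>\S+)$")


def parse_status(text):
    """Parse `ipsec statusall` text into IKE_SA records, each carrying its CHILD_SAs."""
    ike_sas, current = [], None
    for line in text.splitlines():
        m = IKE_SA_RE.match(line)
        if m:
            current = {"id": int(m["id"]), "remote_host": m["rhost"],
                       "remote_id": m["rid"], "children": []}
            ike_sas.append(current)
            continue
        if current is None:
            continue                      # header lines before the first IKE_SA
        m = CHILD_HDR_RE.match(line)
        if m:
            current["children"].append({"id": int(m["id"]), "reqid": int(m["reqid"]),
                                        "vip": None, "bytes_out": 0})
            continue
        if not current["children"]:
            continue                      # IKE_SA detail lines (SPIs, proposal)
        child = current["children"][-1]
        m = CHILD_BYTES_RE.match(line)
        if m:
            child["bytes_out"] = int(m["bo"])
            continue
        m = CHILD_TS_RE.match(line)
        if m:
            # For a road warrior the remote selector is the client's virtual IP (/32).
            child["vip"] = m["rts"].split("/")[0]
    return ike_sas


def find_virtual_ip_collisions(text):
    """Return one record per (remote identity, virtual IP) served by more than one IKE_SA.

    This is the always-on iOS case: both IKE_SAs of the client get the same lease,
    the server installs one policy (hence one reqid) for that address, and return
    traffic can only go down one of the two tunnels.
    """
    groups = defaultdict(list)
    for sa in parse_status(text):
        for child in sa["children"]:
            if child["vip"]:
                groups[(sa["remote_id"], child["vip"])].append((sa, child))
    collisions = []
    for (remote_id, vip), members in groups.items():
        if len(members) < 2:
            continue
        collisions.append({
            "remote_id": remote_id,
            "vip": vip,
            "ike_ids": [sa["id"] for sa, _ in members],
            "remote_hosts": [sa["remote_host"] for sa, _ in members],
            "reqids": sorted({child["reqid"] for _, child in members}),
            # Tunnels that have carried server->client bytes; the others are the
            # ones whose peer address never sees a reply.
            "carrying_outbound": [sa["id"] for sa, child in members if child["bytes_out"] > 0],
        })
    return collisions


def report(text):
    """Summary as a string, so it can be asserted on as well as printed."""
    lines = [f"{c['remote_id']} holds {c['vip']} on IKE_SAs {c['ike_ids']} from "
             f"{c['remote_hosts']} (reqid {c['reqids']}); server->client traffic "
             f"flows only on {c['carrying_outbound']}"
             for c in find_virtual_ip_collisions(text)]
    return "\n".join(lines) or "no virtual IP is shared between IKE_SAs"


if __name__ == "__main__":
    # `ipsec statusall | python3 vip_collisions.py -` on the server; without an
    # argument the constructed sample is analysed.
    print(report(sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_STATUS))
```

Against the sample this reports that `client@my-vpn.com` holds 10.0.2.13 on IKE_SAs 7 and 6 from two different peer addresses, that both CHILD_SAs share reqid 5, and that only SA 7 has ever sent bytes back to the client. Fixing it is a policy choice rather than a parsing one: with `uniqueids=never` the pool behind `rightsourceip` has to hand the second IKE_SA a second address, which strongSwan's in-memory pool (`rightsourceip=10.0.2.0/24`) does while the first lease is still in use, but a DHCP backend with `charon.plugins.dhcp.identity_lease = yes` will not, since the MAC it presents is derived from the identity and the DHCP server returns the same lease both times. The alternative is the default `uniqueids=yes`, where the Wi-Fi IKE_SA replaces the LTE one instead of coexisting with it.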
















