[Openswan Users] Major problems with multiple tunnels on Fedora 11

Paul Wouters paul at xelerance.com
Sat Jun 27 13:33:55 EDT 2009


On Sat, 27 Jun 2009, Marek Greško wrote:

>> However, if you have uniqueids=yes, then setting up a new connection from a
>> different IP should always replace the old connection. There is a specific
>> "udp port 500 hole" for this. That is, the "drop all unencrypted" traffic
>> excludes unencrypted udp 500 for this exact reason.
>
> Strange. According to the manual, uniqueids is yes by default. I did not change
> it. When I put the Windows machine by NAT behind my Linux box and I restart
> ipsec on it, it works. But my Linux box still cannot reach the protected
> network until a restart of ipsec on the remote side.

Make an 'ipsec barf' of the Linux server in that situation, without the
restart, and pastebin it somewhere.

Paul

