<div dir="ltr">Hi Simon,<div><br></div><div>Thanks for your reply.</div><div>We would like to establish a failover/failback VPN environment, so we set up the same VPN configuration.</div><div>In general, we work on tunnel1 (test1-test2). Once tunnel1 does not work, we will set up tunnel2 (test1-test3) to replace tunnel1.</div><div>In the meantime, we will check tunnel1 status. When tunnel1 is back, we will transfer to tunnel1 and disconnect tunnel2.</div><div> <br></div><div>In this case, do you have any suggestions? Thank you very much. </div><div><br><div>Best Regards,</div><div>Ozai<br><div class="gmail_extra"><br><div class="gmail_quote">2014-10-19 3:41 GMT+08:00 Simon Deziel <span dir="ltr"><<a href="mailto:simon@xelerance.com" target="_blank">simon@xelerance.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi Ozai,<br>
<br>
Both connections are using 192.168.3.0/24 as the remote net<br>
(rightsubnet) which is why OpenSwan complains. Make sure each connection<br>
uses the right remote net for each peer.<br>
<br>
Regards,<br>
Simon<br>
<span class=""><br>
On 10/18/2014 02:53 PM, ozai Tien wrote:<br>
> Dear Sirs,<br>
><br>
> I want to establish 2 ipsec channels between these two as follows.<br>
><br>
> test1(openswan 162.18.22.80)-----------test2(openswan 162.18.22.81)<br>
> test1(openswan 162.18.22.80)-----------test3(openswan 162.18.22.82)<br>
><br>
> The connection test1-test2 gets established without any problem.<br>
> However, when the connection test1-test3 is set up, it gives the following error:<br>
><br>
> 117 "test1-test3" #4: STATE_QUICK_I1: initiate<br>
> 003 "test1-test3" #4: cannot route -- route already in use for "test1-test2"<br>
> 032 "test1-test3" #4: STATE_QUICK_I1: internal error<br>
><br>
> Is it the routing issue? How do I check this question? Please help.<br>
> Thank you very much.<br>
><br>
> Best Regards,<br>
> Ozai<br>
><br>
><br>
> # cat ipsec.conf<br>
> config setup<br>
>                 nat_traversal=no<br>
>                 oe=off<br>
>                 protostack=netkey<br>
>                 interfaces=%defaultroute<br>
><br>
> conn test1-test2<br>
>                 left=162.18.22.80<br>
</span>>                 leftsubnet=192.168.2.0/24<br>
>                 rightsubnet=192.168.3.0/24<br>
<span class="">>                 connaddrfamily=ipv4<br>
>                 right=162.18.22.81<br>
>                 keyexchange=ike<br>
>                 ike=3des-md5;modp1024!<br>
>                 salifetime=480m<br>
>                 phase2=esp<br>
>                 phase2alg=3des-hmac_md5!;modp1024<br>
>                 pfs=yes<br>
>                 ikelifetime=60m<br>
>                 type=tunnel<br>
>                 authby=secret<br>
>                 auto=add<br>
><br>
> conn test1-test3<br>
>                 left=162.18.22.80<br>
</span>>                 leftsubnet=192.168.2.0/24<br>
>                 rightsubnet=192.168.3.0/24<br>
<span class="">>                 connaddrfamily=ipv4<br>
>                 right=162.18.22.82<br>
>                 keyexchange=ike<br>
>                 ike=3des-md5;modp1024!<br>
>                 salifetime=480m<br>
>                 phase2=esp<br>
>                 phase2alg=3des-hmac_md5!;modp1024<br>
>                 pfs=yes<br>
>                 ikelifetime=60m<br>
>                 type=tunnel<br>
>                 authby=secret<br>
>                 auto=add<br>
> #<br>
> # cat ipsec.secrets<br>
> 162.18.22.80 162.18.22.81 : PSK "123"<br>
> 162.18.22.80 162.18.22.82 : PSK "123"<br>
> #<br>
><br>
><br>
><br>
</span>> _______________________________________________<br>
> <a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
> <a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
><br>
<br>
</blockquote></div><br></div></div></div></div>
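The conflict Simon points out (two conns with different `right` peers claiming the same `rightsubnet`) can be caught before loading the connections. The following is an added example, not part of the original thread or of Openswan: a small checker run over a constructed copy of the posted config. The function names are hypothetical, and it assumes `left` is the local side and ignores `%default` / `also=` inheritance.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the thread's two conn sections, trimmed to routing keys.
SAMPLE_CONF = """\
config setup
    protostack=netkey

conn test1-test2
    left=162.18.22.80
    leftsubnet=192.168.2.0/24
    right=162.18.22.81
    rightsubnet=192.168.3.0/24

conn test1-test3
    left=162.18.22.80
    leftsubnet=192.168.2.0/24
    right=162.18.22.82
    rightsubnet=192.168.3.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def remote_net_conflicts(text):
    """Map each remote net claimed by more than one 'right' peer to its conns."""
    by_net = defaultdict(dict)                 # network -> {peer: [conn names]}
    for name, opts in parse_conns(text).items():
        if "rightsubnet" in opts and "right" in opts:
            net = ipaddress.ip_network(opts["rightsubnet"], strict=False)
            by_net[net].setdefault(opts["right"], []).append(name)
    return {str(net): sorted(n for names in peers.values() for n in names)
            for net, peers in by_net.items() if len(peers) > 1}

if __name__ == "__main__":
    for net, names in remote_net_conflicts(SAMPLE_CONF).items():
        print(f"{net} is routed by multiple peers: {', '.join(names)}")
```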