[Openswan dev] IPsec bug in Vigor2600 plus series annex A #
Firmware Version : 2.5.2_H with multiple SA's
Paul Wouters
paul at xtdnet.nl
Fri Aug 13 16:44:44 CEST 2004
On Wed, 11 Aug 2004, Paul Wouters wrote:
> So I want something like:
>
> |-------- Vigor -----| |--- Openswan------|
> (10.10.10.0/24) 10.10.10.1 --- 1.2.3.4 ------------ 5.6.7.8 --- 10.0.1.1 (10.0.1.0/24)
> (10.10.10.0/24) 10.10.10.1 --- 1.2.3.4 ------------ 5.6.7.8 --- 10.0.1.1 (10.0.2.0/24)
>
> Note that in this case it is normal to re-use the same ISAKMP SA for
> the second tunnel, which is why this bug might be happening.
Draytek replied to me telling me "two IPsec tunnels to the same host are not
supported".
I guess they can't or won't take bugs seriously, but send people away with
a silly default answer. Conclusion: don't do Vigor's when deplying IPsec.
I'll add it to the interop docs on the Wiki.
Paul
More information about the Dev
mailing list