[Openswan Users] Ending IPsec tunnels on different NIC aliases
Benoit
benoit at areyoumad.net
Mon Dec 20 17:44:38 CET 2004
Hi,
Currently, I've set up Openswan on a few servers and configured IPsec tunnels between each of them.
The purpose is to provide encrypted connections and some kind of authentication for all internal
network exchanges (some part of the network is physically shared by two companies and the
applications are highly sensitive).
But on some of the servers, I have an alias network interface (eth0:0) beside the standard eth0. The
tunnels are correctly set up and are working for the eth0 interface, but when a tunnel is
established on eth0, it is no longer possible to add a new tunnel on the eth0:0 interface.
The error I get from Pluto is "cannot route - route already in use for connection "<name of my
tunnel to eth0>".
First of all, is it possible to do what I'm trying to do? Having a tunnel ending on the eth0:0
interface alone is possible, but when I try to make a tunnel on eth0 and eth0:0 together, the
eth0:0 doesn't work anymore.
My config is as follows (on the server with eth0 and eth0:0):

version 2.0

config setup
    interfaces="ipsec0=eth0 ipsec1=eth0:0"

conn host30-host150
    left=10.110.42.30 # eth0
    right=10.110.42.150 # another machine
    auto=start
    authby=secret

conn host50-host150
    left=10.110.42.50 # eth0:0
    right=10.110.42.150
    auto=start
    authby=secret

On 10.110.42.150, the config is

version 2.0

config setup
    interfaces="ipsec0=eth0"

conn host150-host30
    left=10.110.42.150
    right=10.110.42.30
    auto=start
    authby=secret

conn host150-host50
    left=10.110.42.150
    right=10.110.42.50
    auto=start
    authby=secret

Thanks,
Benoit