[Openswan Users] Ending IPsec tunnels on different NIC aliases

Paul Wouters paul at xelerance.com
Mon Dec 20 22:25:07 CET 2004

On Mon, 20 Dec 2004, Benoit wrote:

> But on some of the servers, I have alias network interface (eth0:0) beside the standard eth0. The
> tunnels are correctly setup and are working for the eth0 interface, but when a tunnel is
> established on the eth0, it is no more possible to add a new tunnel on the eth0:0 interface.
> The error I get from Pluto is "cannot route - route already in use for connection "<name of my
> tunnel to eth0>".

Are you using KLIPS or NETKEY?

> First of all, is it possible to do what I'm trying to do ? Having tunnel ending on the eth0:0
> interface alone is possible, but when I try to make a tunnel on the eth0 or eth0:0 together, the
> eth0:0 doesn't work anymore.

I have personally only done this with KLIPS, and it works. I have not tried
it with NETKEY, because my setup uses Opportunistic Encryptio, which is
not supported with NETKEY.

Can you put the output of 'ipsec barf' somewhere on a website and post the

> Me config is as follow (on the server with eth0 and eth0:0):
> version 2.0
>        config setup
>        interfaces="ipsec0=eth0 ipsec1=eth0:0"

This interfaces line won't do anything when using NETKEY (the 2.6 stack)


More information about the Users mailing list