[Openswan Users] Ending IPsec tunnels on different NIC aliases
Paul Wouters
paul at xelerance.com
Mon Dec 20 22:25:07 CET 2004
On Mon, 20 Dec 2004, Benoit wrote:
> But on some of the servers, I have alias network interface (eth0:0) beside the standard eth0. The
> tunnels are correctly setup and are working for the eth0 interface, but when a tunnel is
> established on the eth0, it is no more possible to add a new tunnel on the eth0:0 interface.
> The error I get from Pluto is "cannot route - route already in use for connection "<name of my
> tunnel to eth0>".
Are you using KLIPS or NETKEY?
> First of all, is it possible to do what I'm trying to do ? Having tunnel ending on the eth0:0
> interface alone is possible, but when I try to make a tunnel on the eth0 or eth0:0 together, the
> eth0:0 doesn't work anymore.
I have personally only done this with KLIPS, and it works. I have not tried
it with NETKEY, because my setup uses Opportunistic Encryptio, which is
not supported with NETKEY.
Can you put the output of 'ipsec barf' somewhere on a website and post the
url?
> Me config is as follow (on the server with eth0 and eth0:0):
>
> version 2.0
> config setup
> interfaces="ipsec0=eth0 ipsec1=eth0:0"
This interfaces line won't do anything when using NETKEY (the 2.6 stack)
Paul
More information about the Users
mailing list