[Openswan Users] ipsec vpn fallback

Paul Wouters paul at xelerance.com
Wed Jun 1 17:25:56 CEST 2005

On Wed, 1 Jun 2005, Ming-Ching Tiew wrote:

> I am using kernel 2.4.29 and openswan 2.3.1, the 'ipsec.conf' I have
> included below. I could bring up ipsec on link1 ( ipsec0 ) this
> way :-
>       ipsec auto --up link1
> This is all fine and proper, however, when the link1 fails, I
> bring down ipsec on link1 and bring up ipsec1 on link2,
>      ipsec auto --down link1
>      ipsec auto --up link2
> The second command fail to properly establish the IKE negotiation,
> it seems to do with some routing issue. If I rework the ipsec.conf,
> changing interfaces="ipsec0=eth2 ipsec1=eth1" and issue commands
>     ipsec setup restart
>     ipsec auto --up link2

That should not be neccessary. What are the exact IKE errors you see?


More information about the Users mailing list