[Openswan Users] New request interferes with existing connections

wangxx at jmu.edu wangxx at jmu.edu
Sat Apr 29 10:27:07 CEST 2006


Hi there,

Our VPN server is running "Linux Openswan U2.4.5/K2.6.9-5.ELsmp (netkey)" and xl2tp-1.04.

One box, running Windows XP professional, has a public IP 
address 134.126.34.133 and was already connected to the VPN 
server.

Then, another host, which is running Windows 2000 and sitting 
behind a NAT whose public IP address is 69.251.186.224, tried 
to establish an IPsec connection to the same VPN server. 
(These two boxes use the same private key and digital 
certificate. Is this a bad practice?)

I saw the following logs in /var/log/messages for this moment:

---------- /var/log/messages BEGINS ----------
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior"[4] 69.251.186.224 #3: I am sending my cert
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior"[4] 69.251.186.224 #3: deleting connection "roadwarrior-l2tp-updatedwin" instance with peer 134.126.34.133 {isakmp=#0/ipsec=#2}
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior-l2tp-updatedwin" #2: deleting state (STATE_QUICK_R2)
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior"[4] 69.251.186.224 #3: deleting connection "roadwarrior" instance with peer 134.126.34.133 {isakmp=#1/ipsec=#0}
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior" #1: deleting state (STATE_MAIN_R3)
---------- /var/log/messages ENDS ---------

The second record above indicates that Pluto was trying to 
disconnect the existing connection to 134.126.34.133 before 
it can serve the new incoming request.

Is this normal? How to have multiple connections 
simultaneously?

My configuration files are attached.

Thanks,

Steve
-------------- next part --------------
ipcp-accept-local
ipcp-accept-remote
ms-dns  134.126.13.11
ms-dns   134.126.13.11
noccp
auth
crtscts
idle 1800
mtu 1390
mru 1390
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/l2tpd.log
passive
dump
-------------- next part --------------
A non-text attachment was scrubbed...
Name: l2tpd.conf
Type: application/octet-stream
Size: 1032 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20060429/a9fa3cf8/l2tpd.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 938 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20060429/a9fa3cf8/ipsec.obj
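
An added example, not part of the original post: a small Python parser for the pluto records quoted above that flags every "deleting connection ... instance with peer" event raised while pluto was negotiating with a different peer. The function names are hypothetical; the sample log is the post's five records, unwrapped and with the trailing line numbers dropped.

```python
import re

# The five pluto records from the post, one record per line.
SAMPLE = """\
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior"[4] 69.251.186.224 #3: I am sending my cert
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior"[4] 69.251.186.224 #3: deleting connection "roadwarrior-l2tp-updatedwin" instance with peer 134.126.34.133 {isakmp=#0/ipsec=#2}
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior-l2tp-updatedwin" #2: deleting state (STATE_QUICK_R2)
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior"[4] 69.251.186.224 #3: deleting connection "roadwarrior" instance with peer 134.126.34.133 {isakmp=#1/ipsec=#0}
Apr 29 08:54:12 localhost pluto[3088]: "roadwarrior" #1: deleting state (STATE_MAIN_R3)
"""

IP = r"\d+\.\d+\.\d+\.\d+"

# Prefix: the connection instance and peer pluto is currently negotiating with.
# Body:   the connection instance (and its peer) that is being deleted.
EVICT = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<new_peer>' + IP + r') #(?P<state>\d+): '
    r'deleting connection "(?P<old_conn>[^"]+)" instance with peer (?P<old_peer>' + IP + r') '
    r'\{isakmp=#(?P<isakmp>\d+)/ipsec=#(?P<ipsec>\d+)\}'
)


def find_evictions(log_text):
    """Return one dict per record where negotiating with one peer
    deleted a connection instance that belonged to another peer."""
    hits = []
    for line in log_text.splitlines():
        m = EVICT.search(line)
        if m and m["new_peer"] != m["old_peer"]:
            hits.append(m.groupdict())
    return hits


def evicted_peers(log_text):
    """Map each displaced peer to the set of peers that displaced it."""
    out = {}
    for hit in find_evictions(log_text):
        out.setdefault(hit["old_peer"], set()).add(hit["new_peer"])
    return out


if __name__ == "__main__":
    for hit in find_evictions(SAMPLE):
        print(f'{hit["new_peer"]} (state #{hit["state"]}) displaced '
              f'{hit["old_peer"]} on "{hit["old_conn"]}" '
              f'(isakmp=#{hit["isakmp"]}, ipsec=#{hit["ipsec"]})')
```

Run against a live /var/log/messages, the same functions show which peer addresses are repeatedly displacing each other.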

