[Openswan Users] Problem with 2 tunnels to same network

Douglas Leece dleece at newnet21.com
Wed Dec 6 00:26:04 EST 2006


I have been a Freeswan user for years and never really had a lot of issues with it; unfortunately, I have found Openswan to be a bit more difficult to get going. The Freeswan config I am replacing required a tunnel from LAN A to LAN B, and that was easy to replicate. The problem seems to come in with the second tunnel, which goes from the external IP of LAN B's gateway to LAN A. We use this second tunnel to replicate DNS zone data from LAN A to the gateway serving LAN B.

I have rolled back to 2.4-33 on Fedora because I can't seem to get Openswan to run on any version of 2.6 using netkey. We ran for years with almost no issues using 2.4.18 and superfreeswan 1.99 on Debian, and I used these configs as the basis for the new build because I thought we were just upgrading.

Can Openswan support such a configuration? There are two separate routes on the machines: one for the LAN to LAN and the other for LAN to gateway external IP. Both tunnels negotiate and connect fine, but the traffic from LAN A to LAN B does not flow when the gateway to LAN A tunnel is also up. When the gateway to LAN tunnel comes down, then it seems to work fine.

On a second note, is there any version of Openswan that works on a current Linux distro without patching the kernel? I have been through memory leaks, daemons crashing, mismatched tunnels and terrible service trying to use various versions of the 2.6 kernel and the Openswan tools. I like Debian, but I can certainly use RHEL or even Ubuntu if there is a trouble-free build out there. I am quite concerned that patching 2.6 with KLIPS might cause problems with upgrades later, so if I can stay with a stock kernel that would be a lot better.

Thanks in advance, and hopefully someone has an answer so I don't need to replace everything with Cisco :-(

Doug Leece
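For readers following the thread, here is an added illustration (not from Doug's post and not a fix for the problem he reports) of how the two tunnels he describes are declared in Openswan's ipsec.conf syntax: one subnet-to-subnet conn between LAN A and LAN B, and one host-to-subnet conn from gateway B's own external address to LAN A. All addresses, subnet sizes and conn names are made-up placeholders.

```ini
# Added example, not from the original post or the Openswan project.
# All IP addresses and subnets below are assumed placeholders.

conn %default
        # pre-shared keys kept in ipsec.secrets (assumption; RSA would also work)
        authby=secret
        keyingtries=%forever
        # keep both tunnels as distinct SAs; no aggressive rekey tuning
        pfs=yes

# Tunnel 1: LAN A <-> LAN B, subnet to subnet.
conn lanA-lanB
        # gateway A external address (assumed)
        left=203.0.113.1
        # LAN A behind gateway A (assumed)
        leftsubnet=10.1.0.0/24
        # gateway B external address (assumed)
        right=198.51.100.1
        # LAN B behind gateway B (assumed)
        rightsubnet=10.2.0.0/24
        auto=start

# Tunnel 2: gateway B's external IP <-> LAN A, host to subnet.
# Used for DNS zone transfers from LAN A to the gateway itself.
# No rightsubnet: the right endpoint is the gateway host, not a network
# behind it, so this policy covers 198.51.100.1/32 <-> 10.1.0.0/24.
conn gwB-lanA
        left=203.0.113.1
        leftsubnet=10.1.0.0/24
        right=198.51.100.1
        auto=start
```

The same file can be installed on both gateways: Openswan, like Freeswan, works out which of `left` and `right` is the local side from the interface addresses it finds at startup. When checking a problem like the one above, `ipsec auto --status` on each gateway will list both conns and the eroutes (policies) actually installed, which is the quickest way to confirm that the two selectors do not overlap and that both SAs are up at the same time.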
