[Openswan Users] 'Virtual IP xxx is already used by' issue
Paul Wouters
paul at xelerance.com
Wed Jul 5 17:46:42 CEST 2006
On Wed, 5 Jul 2006, Mike.Peters at opengi.co.uk wrote:
> I have multiple roadwarrior clients, using WinXP and lsipsectool to
> connect to an OpenSwan gateway. The clients are NAT'ed but I am seeing
> the following messages in the logs when some clients fail to connect:
>
> Jul 4 19:33:03 openswangw pluto[9211]: "roadwarrior"[6] XXX.XXX.XXX.XXX
> #2915: Virtual IP 192.168.1.3/32 is already used by 'C=GB, ST=Here,
> L=Mytown, O=AcmeLtd, OU=Engineers, CN=Me, E=me at example.com'
>
> Presumably this means that the client can't connect because another user
> is already connected with the same private IP address. Can users behind
> NAT'ed gateways not have the same private IP address - I thought that
> was the whole point of NAT? Or am I missing something in my
> configuration?
This problem is a tad complex. The virtual IP handling code had various bugs
in them, that have not been fixed in the openswan-2.4.x code, but have been
fixed in our L2TP enhanced version of openswan, see:
http://lists.openswan.org/pipermail/users/2006-May/009487.html
Most of the bugs related to the Virtual IP handling though, have
already been folded back into #public, which is the GIT version of our
old "CVS HEAD", aka the unstable development bleeding edge. No releases
of Openswan-2.5.x (or perhaps we will call it Openswan-3.x) have been
made yet. But I do not think the overlapip=yes option is there. See
the above link why that is.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list