[Openswan Users] 'Virtual IP xxx is already used by' issue

Paul Wouters paul at xelerance.com
Wed Jul 5 17:46:42 CEST 2006

On Wed, 5 Jul 2006, Mike.Peters at opengi.co.uk wrote:

> I have multiple roadwarrior clients, using WinXP and lsipsectool to
> connect to an OpenSwan gateway. The clients are NAT'ed but I am seeing
> the following messages in the logs when some clients fail to connect:
> Jul  4 19:33:03 openswangw pluto[9211]: "roadwarrior"[6] XXX.XXX.XXX.XXX
> #2915: Virtual IP is already used by 'C=GB, ST=Here,
> L=Mytown, O=AcmeLtd, OU=Engineers, CN=Me, E=me at example.com'
> Presumably this means that the client can't connect because another user
> is already connected with the same private IP address. Can users behind
> NAT'ed gateways not have the same private IP address - I thought that
> was the whole point of NAT? Or am I missing something in my
> configuration?

This problem is a tad complex. The virtual IP handling code had various bugs
in it that have not been fixed in the openswan-2.4.x code, but have been
fixed in our L2TP enhanced version of openswan, see:


Most of the bugs related to the Virtual IP handling, though, have
already been folded back into #public, which is the GIT version of our
old "CVS HEAD", aka the unstable development bleeding edge. No releases
of Openswan-2.5.x (or perhaps we will call it Openswan-3.x) have been
made yet. But I do not think the overlapip=yes option is there. See
the above link for why that is.

Building and integrating Virtual Private Networks with Openswan:
