[Openswan Users] Vpn Multiple Connections

Andy Van den Heede andy.vandenheede at secuteam.com
Mon Oct 16 11:22:54 EDT 2006


Hello,

The problem I posted last week is not yet solved, as I wrote.....

I have 2 connection sections in the ipsec.conf file:

conn connection1
        left=62.166.214.114
        leftsubnet=192.168.123.0/255.255.255.0
        leftnexthop=62.166.214.113
        leftid=@connection1.openswan.local
        right=%any
        rightsubnet=10.4.0.0/255.255.255.0
        rightid=@openswan1.dyndns.org
        auto=start
        authby=secret
        type=tunnel
        keyexchange=ike
        auth=esp
        pfs=no
        ike=3des-md5-modp1024
        esp=3des-md5-96
        aggrmode=yes
        keylife=43200
        rekey=yes

conn connection2
        left=62.166.214.114
        leftsubnet=192.168.123.0/255.255.255.0
        leftnexthop=62.166.214.113
        leftid=@connection2.openswan.local
        right=%any
        rightsubnet=10.3.0.0/255.255.255.0
        rightid=@openswan2.dyndns.org
        auto=start
        authby=secret
        type=tunnel
        keyexchange=ike
        auth=esp
        pfs=no
        ike=3des-md5-modp1024
        esp=3des-md5-96
        aggrmode=yes
        keylife=43200
        rekey=yes

Two lines in the ipsec.secrets file:

@connection1.openswan.local @openswan1.dyndns.org : PSK "PSK1"
@connection2.openswan.local @openswan2.dyndns.org : PSK "PSK2"

When I try to build up tunnel 2, I have this in the logs (the first
connection is already up):

Oct 16 16:23:31 axsweb pluto[1883]: "connection1"[2] 81.245.236.196 #93: Aggressive mode peer ID is ID_FQDN: '@openswan2.dyndns.org'
Oct 16 16:23:31 axsweb pluto[1883]: "connection1"[2] 81.245.236.196 #93: no suitable connection for peer '@openswan2.dyndns.org'
Oct 16 16:23:31 axsweb pluto[1883]: "connection1"[2] 81.245.236.196 #93: initial Aggressive Mode packet claiming to be from @openswan1.dyndns.org on 81.245.236.196 but no connection has been authorized
Oct 16 16:23:31 axsweb pluto[1883]: "connection1"[2] 81.245.236.196 #93: sending notification INVALID_ID_INFORMATION to 81.245.236.196:500
Oct 16 16:23:41 axsweb pluto[1883]: packet from 81.245.236.196:500: received Vendor ID payload [Dead Peer Detection]
Oct 16 16:23:41 axsweb pluto[1883]: "connection1"[2] 81.245.236.196 #94: Aggressive mode peer ID is ID_FQDN: '@openswan2.dyndns.org'
Oct 16 16:23:41 axsweb pluto[1883]: "connection1"[2] 81.245.236.196 #94: no suitable connection for peer '@openswan2.dyndns.org'
Oct 16 16:23:41 axsweb pluto[1883]: "connection1"[2] 81.245.236.196 #94: initial Aggressive Mode packet claiming to be from @openswan1.dyndns.org on 81.245.236.196 but no connection has been authorized
Oct 16 16:23:41 axsweb pluto[1883]: "connection1"[2] 81.245.236.196 #94: sending notification INVALID_ID_INFORMATION to 81.245.236.196:500

When I change the option right in the ipsec.conf file for connection2,
the tunnel builds up directly.

Andy Van den Heede