[Openswan Users] Multiple tunnels causes INVALID_SPI error

Thomas Novin thnov at xyz.pp.se
Wed Apr 11 16:54:17 EDT 2007


On Tue, 2007-04-10 at 21:13 +0200, Paul Wouters wrote:
> On Tue, 10 Apr 2007, Thomas Novin wrote:
> > > Don't use different id's. Re-use the same conn, ONLY change
> > > the rightsubnet= definition.
> > >
> > > You now created two IKE peers which are the same, yet different. Which
> > > is causing your problems now.
> > >
> >
> > I've already tried that but I tried it now again. When I do that
> > starting tunnel #2 kills tunnel #1. If I down tunnel #1 the traffic on
> > tunnel #2 stops working.
> 
> then the other is broken. What is it? Draytek used to have this problem too.

It's a Fortigate FGT-100 Firewall with FortiOS 3.0. 

http://www.fortinet.com/products/telesoho.html

If you have any comments on my questions about the possibility for a
"virtual adapter", please also respond to that part of my previous email
to the list.

Rgds,

Thomas




More information about the Users mailing list