[Openswan Users] Multiple tunnels causes INVALID_SPI error
paul at xelerance.com
Thu Apr 12 01:11:30 EDT 2007
On Wed, 11 Apr 2007, Thomas Novin wrote:
> > > I've already tried that but I tried it now again. When I do that
> > > starting tunnel #2 kills tunnel #1. If I down tunnel #1 the traffic on
> > > tunnel #2 stops working.
> > then the other is broken. What is it? Draytek used to have this problem too.
> It's a Fortigate FGT-100 Firewall with FortiOS 3.0.
Hmm. Ask their support department if their product supports two IPsec tunnels
between the same endpoints.
> If you have any comments on my questions about the possibility for a
> "virtual adapter", please also respond to that part of my previous email
> to the list.
I am not sure I understand the question. You don't get an "virtual adapter"
per tunnel. When using NETKEY you get no interfaces, when using KLIPS you
get one virtual ipsecX interface per ethX interface you use IPsec on.
Building and integrating Virtual Private Networks with Openswan:
More information about the Users