[Openswan Users] Multiple tunnels causes INVALID_SPI error

Paul Wouters paul at xelerance.com
Thu Apr 12 01:11:30 EDT 2007

On Wed, 11 Apr 2007, Thomas Novin wrote:

> > > I've already tried that but I tried it now again. When I do that
> > > starting tunnel #2 kills tunnel #1. If I down tunnel #1 the traffic on
> > > tunnel #2 stops working.
> >
> > Then the other is broken. What is it? Draytek used to have this problem too.
> It's a Fortigate FGT-100 Firewall with FortiOS 3.0.
> http://www.fortinet.com/products/telesoho.html

Hmm. Ask their support department if their product supports two IPsec tunnels
between the same endpoints.

> If you have any comments on my questions about the possibility for a
> "virtual adapter", please also respond to that part of my previous email
> to the list.

I am not sure I understand the question. You don't get a "virtual adapter"
per tunnel. When using NETKEY you get no interfaces, when using KLIPS you
get one virtual ipsecX interface per ethX interface you use IPsec on.

Building and integrating Virtual Private Networks with Openswan:
