[Openswan Users] constantly increasing number of tunnels, stopping ipsec

Stefan Guenther openswan at in-put.de
Tue Aug 21 13:49:33 EDT 2007


Hello,

we are running openswan-2.4.6-25 on SuSE 10.2 configured for 8 tunnels,
the other end of the tunnel is always a Draytek Vigor router.

According to /var/log/messages openswan starts without a problem and all
routers are able to connect.

When I monitor the status of the tunnels with

watch /etc/init.d/ipsec status

the output starts with 6 tunnels, then jumps to 9, adding another
tunnel every 15 seconds!

After a while we have to restart ipsec, because the routers can't connect.

We have another openswan installation running with 11 tunnels and
openswan on both sides. Since the configuration for these two
installations is nearly the same, I fear that at least one of the
Drayteks is running wild.

Here is the openswan configuration:

version 2.0
config setup
         interfaces="ipsec0=dsl0"
         klipsdebug=none
         plutodebug=none
         uniqueids=yes
         forwardcontrol=yes

conn %default
         pfs=yes
         left=xx.xx.xx.xx
         leftnexthop=yy.yy.yy.yy
         leftsubnet=192.168.8.0/24
         authby=secret
         auto=add
         rekey=yes
         compress=yes
         disablearrivalcheck=no
         type=tunnel
         right=%any

conn verbindung0
         rightsubnet=192.168.0.0/24

conn verbindung2
         rightsubnet=192.168.2.0/24

conn verbindung3
         rightsubnet=192.168.3.0/24

conn verbindung1
         rightsubnet=192.168.1.0/24

conn verbindung33
         rightsubnet=192.168.33.0/24

conn verbindung9
         rightsubnet=192.168.9.0/24

conn verbindung4
         rightsubnet=192.168.4.0/24

conn verbindung5
         rightsubnet=192.168.5.0/24

include /etc/ipsec.d/examples/no_oe.conf

Any hints or comments are appreciated.

Thanks in advance,

Stefan
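The init script's tunnel count collapses every SA on the box into one number, so it cannot tell you which of the eight conns (or which peer behind `right=%any`) is the one growing. The script below is an added example, not code from the original post or from the Openswan project: it parses the per-SA lines of `ipsec auto --status` and counts ISAKMP and IPsec SAs per conn and peer, flagging any peer that holds more IPsec SAs than a normal rekey window allows. The line format is assumed to follow what openswan 2.4 prints (`000 #N: "conn"[inst] peer STATE_...`), the sample output is constructed rather than captured from the poster's system, and the claim that the init script's "N tunnels up" is a count of "IPsec SA established" lines is an assumption.

```python
"""Attribute a growing Openswan SA count to a specific conn and peer.

Added example, not code from the original post or from Openswan itself.
Assumptions: the per-SA line format below matches openswan 2.4's
`ipsec auto --status`; the init script's "tunnels up" number is the count of
"IPsec SA established" lines; the sample output is constructed and uses
documentation addresses.
"""
import re
import sys
from collections import Counter

# Constructed sample (not captured from the poster's system): conn verbindung2
# has one peer that keeps negotiating new IPsec SAs without deleting the old
# ones, so four "IPsec SA established" entries pile up under it.
SAMPLE_STATUS = """\
000 #3: "verbindung0"[1] 203.0.113.10 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2100s; newest ISAKMP
000 #4: "verbindung0"[1] 203.0.113.10 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1800s; newest IPSEC; eroute owner
000 #5: "verbindung2"[1] 203.0.113.20 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2000s; newest ISAKMP
000 #6: "verbindung2"[1] 203.0.113.20 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1700s
000 #7: "verbindung2"[1] 203.0.113.20 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1715s
000 #8: "verbindung2"[1] 203.0.113.20 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1730s
000 #9: "verbindung2"[1] 203.0.113.20 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1745s; newest IPSEC; eroute owner
000 #10: "verbindung3"[1] 203.0.113.30 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1600s; newest IPSEC; eroute owner
000 #11: "verbindung3"[1] 203.0.113.30 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_RETRANSMIT in 10s
"""

# Assumed openswan 2.4 per-SA line: SA number, conn name, optional
# "[instance] peer-address" for right=%any conns, then the state name.
SA_LINE = re.compile(
    r'^000 #(?P<sa>\d+): "(?P<conn>[^"]+)"'
    r'(?:\[(?P<inst>\d+)\] (?P<peer>[\d.]+)(?::\d+)?)?'
    r' (?P<state>STATE_\w+)'
)


def parse_status(text):
    """Return one dict per SA line; other '000 ...' lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = SA_LINE.match(line)
        if not m:
            continue
        state = m.group("state")
        sas.append({
            "sa": int(m.group("sa")),
            "conn": m.group("conn"),
            "peer": m.group("peer") or "(static)",
            # Phase 1 states are MAIN_*/AGGR_*, phase 2 states are QUICK_*.
            "phase": "isakmp" if state.startswith(("STATE_MAIN_", "STATE_AGGR_")) else "ipsec",
            "established": "SA established" in line,
            "state": state,
        })
    return sas


def tunnels_up(text):
    """The single number the init script reports (assumed: established IPsec SAs)."""
    return sum(1 for s in parse_status(text)
               if s["phase"] == "ipsec" and s["established"])


def sa_counts(text):
    """Map (conn, peer) -> Counter of ISAKMP and IPsec SAs it currently holds."""
    counts = {}
    for s in parse_status(text):
        counts.setdefault((s["conn"], s["peer"]), Counter())[s["phase"]] += 1
    return counts


def suspects(text, max_ipsec=2):
    """Peers holding more IPsec SAs than a rekey window explains.

    One IPsec SA is normal, two during a rekey; anything beyond that means the
    peer is negotiating fresh SAs while the old ones are never torn down.
    """
    return sorted(k for k, c in sa_counts(text).items() if c["ipsec"] > max_ipsec)


if __name__ == "__main__":
    # Usage: ipsec auto --status | python3 sa_counts.py   (or run alone for the sample)
    text = SAMPLE_STATUS if sys.stdin.isatty() else sys.stdin.read()
    print("tunnels up (init-script style count):", tunnels_up(text))
    for (conn, peer), c in sorted(sa_counts(text).items()):
        print(f"{conn:<14} {peer:<16} isakmp={c['isakmp']} ipsec={c['ipsec']}")
    for conn, peer in suspects(text):
        print(f"SUSPECT: {conn} from {peer} is accumulating IPsec SAs")
```

Run it under `watch` in place of the init script's status to see which conn the climbing number belongs to; once a single peer is identified, its phase-2 lifetime and rekey behaviour can be compared against the Drayteks that behave.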
