[Openswan Users] constantly increasing number of tunnels, stopping ipsec
Stefan Guenther
openswan at in-put.de
Tue Aug 21 13:49:33 EDT 2007
Hello,
we are running openswan-2.4.6-25 on SuSE 10.2 configured for 8 tunnels,
the other end of the tunnel is always a Draytek Vigor router.
According to /var/log/messages openswan starts without a problem and all
routers are able to connect.
When I monitor the status of the tunnels with
    watch /etc/init.d/ipsec status
the output starts with 6 tunnels, then the number jumps to 9, adding another
tunnel every 15 seconds!
After a while we have to restart ipsec, because the routers can't connect.
We have another openswan installation running with 11 tunnels and
openswan on both sides. Since the configuration for these two
installations is nearly the same, I fear that at least one of the
Drayteks is running wild.
Here is the openswan configuration:
version 2.0

config setup
    interfaces="ipsec0=dsl0"
    klipsdebug=none
    plutodebug=none
    uniqueids=yes
    forwardcontrol=yes

conn %default
    pfs=yes
    left=xx.xx.xx.xx
    leftnexthop=yy.yy.yy.yy
    leftsubnet=192.168.8.0/24
    authby=secret
    auto=add
    rekey=yes
    compress=yes
    disablearrivalcheck=no
    type=tunnel
    right=%any

conn verbindung0
    rightsubnet=192.168.0.0/24

conn verbindung2
    rightsubnet=192.168.2.0/24

conn verbindung3
    rightsubnet=192.168.3.0/24

conn verbindung1
    rightsubnet=192.168.1.0/24

conn verbindung33
    rightsubnet=192.168.33.0/24

conn verbindung9
    rightsubnet=192.168.9.0/24

conn verbindung4
    rightsubnet=192.168.4.0/24

conn verbindung5
    rightsubnet=192.168.5.0/24

include /etc/ipsec.d/examples/no_oe.conf
Any hints or comments are appreciated.
Thanks in advance,
Stefan