[Openswan Users] IPSec configuration question

Avesh Kumar Agarwal akagarwa at unity.ncsu.edu
Mon Feb 19 15:36:03 EST 2007


Hi All,

I need help regarding setting up multiple IPsec tunnels. I have to 
set up IPsec tunnels in a host-to-host scenario. Basically, my setup is 
very simple and is as follows.

host1(10.1.4.1)--------host2(10.1.4.2)

These hosts are directly connected, and host1 has a default route pointing 
to host2, and vice versa. I will explain the procedure for how I am 
setting up a tunnel between them. I am using openswan-2.4.6. My 
hosts are running Red Hat Linux 9 with kernel 2.4.20-8.

At host 1, I am giving the following command.

"ipsec whack --name new-test --ipv4 --host 10.1.4.1 --id @10.1.4.1 
--nexthop 10.1.4.10 --srcip 10.1.4.1 --to --host 10.1.4.2 --id @10.1.4.2 
--nexthop 10.1.4.10 --rsasig --encrypt --authenticate --tunnel --pass"


At host 2, I am giving the following command.

"ipsec whack --name new-test --ipv4 --host 10.1.4.2 --id @10.1.4.2 
--nexthop 10.1.4.10 --srcip 10.1.4.2 --to --host 10.1.4.1 --id @10.1.4.1 
--nexthop 10.1.4.10 --rsasig --encrypt --authenticate --tunnel --esp 
aes-sha1"

To set up the tunnel "new-test", I am giving the following command at host2.

"ipsec auto --up new-test"

The new-test tunnel is getting created properly and working fine.

However, now I want to establish four tunnels with different 
configurations between these hosts, and "these tunnels are supposed to 
exist together". The only difference between these four tunnels is the 
use of different encryption and authentication algorithms. For example, 
I want to try 4 "--esp" options, which are AES-SHA1, AES-MD5, 3DES-SHA1 
and 3DES-MD5. And once these four tunnels are established, I want to use 
them according to our needs.

I tried to do that, but when I try to establish the 2nd tunnel, I get the 
following errors:

"cannot install eroute -- it is in use for "new-test" #2"
"STATE_QUICK_I1: internal error"
"discarding duplicate packet: already STATE_QUICK_I1"


Is there any way of doing that? Any help would be greatly appreciated.

I hope I have explained my problem clearly. But still, if it is not 
clear, I can try to explain in more detail.


Thanks and Regards
Avesh Agarwal
Ph.D. Student, CSC, NCSU
http://www4.ncsu.edu/~akagarwa
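The error in the post ("cannot install eroute -- it is in use for "new-test"") comes from the kernel policy table, not from the ESP proposal: an eroute is keyed by the traffic selectors of the two ends, and in a host-to-host setup every tunnel between the same two addresses has the same /32 selectors on both sides. The following script is an added example, not code from the post or from Openswan. It parses `ipsec whack` command lines into their left/right ends and reports which connections would collide on the same selector pair, so the conflict can be checked offline before touching a live gateway. It assumes one eroute per selector pair (the KLIPS behaviour behind the quoted error) and that `--client` is the whack option naming the subnet behind an end; the first command is host2's command from the post, the other two are constructed inputs.

```python
"""Parse 'ipsec whack' command lines and flag connections whose traffic
selectors collide, the condition behind
'cannot install eroute -- it is in use for ...' on the second tunnel."""
import shlex
from dataclasses import dataclass, field

# whack options that take a value; anything else starting with '--' is a bare flag
VALUE_OPTS = {"--name", "--host", "--id", "--nexthop", "--srcip", "--client",
              "--esp", "--ike"}


@dataclass
class Side:
    host: str = ""
    id: str = ""
    nexthop: str = ""
    srcip: str = ""
    client: str = ""  # subnet behind this end; empty means the host itself

    def selector(self) -> str:
        # Assumption: the eroute is keyed by each end's traffic selector,
        # the --client subnet if one was given, otherwise the host as a /32.
        return self.client or f"{self.host}/32"


@dataclass
class Conn:
    name: str = ""
    esp: str = ""
    ike: str = ""
    left: Side = field(default_factory=Side)
    right: Side = field(default_factory=Side)
    flags: set = field(default_factory=set)

    def selector_pair(self) -> frozenset:
        # Order-independent, so host1's and host2's view of one tunnel match.
        return frozenset({self.left.selector(), self.right.selector()})


def parse_whack(cmdline: str) -> Conn:
    """Turn one 'ipsec whack ...' command (newlines allowed) into a Conn."""
    argv = shlex.split(cmdline)
    if argv[:2] != ["ipsec", "whack"]:
        raise ValueError("not an 'ipsec whack' command line")
    conn = Conn()
    side = conn.left          # options before --to describe this end
    i = 2
    while i < len(argv):
        opt = argv[i]
        if opt == "--to":     # everything after --to describes the peer
            side = conn.right
            i += 1
        elif opt in VALUE_OPTS:
            if i + 1 >= len(argv):
                raise ValueError(f"{opt} needs a value")
            val = argv[i + 1]
            if opt in ("--name", "--esp", "--ike"):
                setattr(conn, opt[2:], val)      # connection-wide option
            else:
                setattr(side, opt[2:], val)      # per-end option
            i += 2
        elif opt.startswith("--"):
            conn.flags.add(opt[2:])              # e.g. tunnel, rsasig, pass
            i += 1
        else:
            raise ValueError(f"unexpected token {opt!r}")
    return conn


def find_eroute_conflicts(conns):
    """Return (already installed, conflicting) name pairs.

    Assumption: the kernel holds one eroute per selector pair, so a second
    connection with the same selectors cannot be installed no matter how its
    ESP proposal differs. Nothing here touches the running system.
    """
    installed = {}
    conflicts = []
    for c in conns:
        key = c.selector_pair()
        if key in installed:
            conflicts.append((installed[key], c.name))
        else:
            installed[key] = c.name
    return conflicts


# host2's command from the post
HOST2_NEW_TEST = """ipsec whack --name new-test --ipv4 --host 10.1.4.2 --id @10.1.4.2
--nexthop 10.1.4.10 --srcip 10.1.4.2 --to --host 10.1.4.1 --id @10.1.4.1
--nexthop 10.1.4.10 --rsasig --encrypt --authenticate --tunnel --esp aes-sha1"""

# constructed: the second tunnel the post wants, same hosts, different ESP proposal
HOST2_NEW_TEST_MD5 = (HOST2_NEW_TEST
                      .replace("--name new-test", "--name new-test-md5")
                      .replace("aes-sha1", "aes-md5"))

# constructed: a tunnel for a subnet behind host2, which gets its own selector
HOST2_SUBNET = """ipsec whack --name subnet-test --ipv4 --host 10.1.4.2 --id @10.1.4.2
--nexthop 10.1.4.10 --client 10.1.5.0/24 --to --host 10.1.4.1 --id @10.1.4.1
--nexthop 10.1.4.10 --rsasig --encrypt --authenticate --tunnel --esp aes-md5"""

SAMPLE_CONNS = [parse_whack(c) for c in (HOST2_NEW_TEST, HOST2_NEW_TEST_MD5, HOST2_SUBNET)]

if __name__ == "__main__":
    for c in SAMPLE_CONNS:
        print(f"{c.name:14} esp={c.esp:9} selectors={sorted(c.selector_pair())}")
    for installed, new in find_eroute_conflicts(SAMPLE_CONNS):
        print(f'cannot install eroute -- it is in use for "{installed}" (blocks {new})')
```

Run stand-alone, the script reports that "new-test-md5" collides with "new-test" while "subnet-test" does not, because only the subnet connection carries a distinct selector; the check is purely on selectors, so swapping the ESP algorithm never changes the verdict.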
