[Openswan Users] "Virtual IP x.x.x.x is already used" - connection cached?
paul at xelerance.com
Tue Jul 3 17:37:49 EDT 2007
On Tue, 3 Jul 2007, Nels Lindquist wrote:
The SPD entry stays in the kernel until it expires.
For this to properly work, you will need the L2TP Enhancement.
> Date: Tue, 03 Jul 2007 14:59:39 -0600
> From: Nels Lindquist <nlindq at maei.ca>
> To: <users at openswan.org>
> Subject: [Openswan Users] "Virtual IP x.x.x.x is already used" - connection
> I'm using OpenSWAN 2.4.8, and I'm being stung by the Virtual IP handling
> issue, though not in the way that I understood it.
> My impression was that it's not currently possible to have multiple L2TP
> users behind a single NAT firewall simultaneously, but that it was
> possible to do so serially.
> However, when User A disconnects their L2TP session, the tunnel is torn
> down and the kernel SAD entry is flushed, but the kernel SPD (Security
> Policy Database) entry remains cached.
> When User B attempts to connect, they get an error, and the "Virtual IP
> x.x.x.x is already used" message shows up in the log.
> If I do "ipsec auto --replace [l2tpd-connection-definition]" then User B
> can connect, but User A now can't connect after User B disconnects.
> On the OpenSWAN side, it's a standard L2TP roadwarrior connection, with
> dpdaction=clear defined.
> Is there some other configuration directive I need to convince OpenSWAN
> to remove the SPD entry when the tunnel is torn down?
> Thanks very much!
> Nels Lindquist
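One way to see the situation described above on a NETKEY host is to compare the kernel's policy database with its SA database: a policy whose reqid no longer has any matching SA is exactly the leftover SPD entry that blocks the next client. The script below is an added example, not code from this thread or from Openswan; it parses constructed `ip xfrm policy` and `ip xfrm state` output (the addresses, reqids and the virtual IP 10.10.10.5 are made up, and the field layout is the common iproute2 form, which may differ slightly between versions) and reports policies left behind without an SA.

```python
"""Report kernel IPsec policies (SPD entries) whose SAs have been flushed.

Added example, not part of the mailing-list thread or of Openswan.
Parses the text produced by `ip xfrm policy` and `ip xfrm state` on a
NETKEY host; the sample output below is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Policy:
    src: str                      # selector source, e.g. 10.10.10.5/32
    dst: str                      # selector destination
    direction: str                # in / out / fwd
    reqid: Optional[int] = None   # links the policy to its SAs
    tmpl_src: Optional[str] = None
    tmpl_dst: Optional[str] = None


def parse_policies(text: str) -> List[Policy]:
    """Parse `ip xfrm policy` output; each record starts with an unindented 'src ... dst ...'."""
    policies: List[Policy] = []
    cur: Optional[Policy] = None
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        m = re.match(r"^src (\S+) dst (\S+)", s)
        if m:  # new policy record
            cur = Policy(src=m.group(1), dst=m.group(2), direction="?")
            policies.append(cur)
            continue
        if cur is None:
            continue
        m = re.search(r"\bdir (\w+)", s)
        if m:
            cur.direction = m.group(1)
        m = re.match(r"^tmpl src (\S+) dst (\S+)", s)
        if m:
            cur.tmpl_src, cur.tmpl_dst = m.group(1), m.group(2)
        m = re.search(r"\breqid (\d+)", s)
        if m:
            cur.reqid = int(m.group(1))
    return policies


def parse_state_reqids(text: str) -> Set[int]:
    """Collect the reqids of all SAs present in `ip xfrm state` output."""
    return {int(m.group(1)) for m in re.finditer(r"\breqid (\d+)", text)}


def stale_policies(policy_text: str, state_text: str,
                   virtual_ip: Optional[str] = None) -> List[Policy]:
    """Policies whose reqid has no SA; optionally only those naming virtual_ip."""
    active = parse_state_reqids(state_text)
    stale = []
    for p in parse_policies(policy_text):
        if p.reqid is None or p.reqid in active:
            continue
        hosts = (p.src.split("/")[0], p.dst.split("/")[0])
        if virtual_ip and virtual_ip not in hosts:
            continue
        stale.append(p)
    return stale


# Constructed sample: client A (virtual IP 10.10.10.5, reqid 16385) has
# disconnected and its SAs are gone, but its policies remain; client B
# (10.10.10.6, reqid 16389) is still up with SAs in both directions.
SAMPLE_POLICY = """\
src 10.10.10.5/32 dst 192.168.1.0/24
	dir in priority 2344
	tmpl src 203.0.113.9 dst 192.0.2.1
		proto esp reqid 16385 mode tunnel
src 192.168.1.0/24 dst 10.10.10.5/32
	dir out priority 2344
	tmpl src 192.0.2.1 dst 203.0.113.9
		proto esp reqid 16385 mode tunnel
src 10.10.10.6/32 dst 192.168.1.0/24
	dir in priority 2344
	tmpl src 198.51.100.7 dst 192.0.2.1
		proto esp reqid 16389 mode tunnel
src 192.168.1.0/24 dst 10.10.10.6/32
	dir out priority 2344
	tmpl src 192.0.2.1 dst 198.51.100.7
		proto esp reqid 16389 mode tunnel
"""

SAMPLE_STATE = """\
src 198.51.100.7 dst 192.0.2.1
	proto esp spi 0x0c3a1f02 reqid 16389 mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0x0000000000000000000000000000000000000000 96
	enc cbc(aes) 0x00000000000000000000000000000000
src 192.0.2.1 dst 198.51.100.7
	proto esp spi 0x0d4b2e13 reqid 16389 mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0x0000000000000000000000000000000000000000 96
	enc cbc(aes) 0x00000000000000000000000000000000
"""

if __name__ == "__main__":
    for p in stale_policies(SAMPLE_POLICY, SAMPLE_STATE):
        print(f"stale SPD entry: dir={p.direction} {p.src} -> {p.dst} "
              f"reqid={p.reqid} (no SA in SAD)")
```

On a live host the two inputs would come from `ip xfrm policy` and `ip xfrm state`; passing the virtual IP named in the "is already used" message narrows the report to the entry that is blocking the new client, which is the one the thread's `ipsec auto --replace` workaround clears.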