[Openswan Users] Bug: Duelling tunnels in openswan-2.4.9-r1

Roland Plüss roland at rptd.ch
Sun Oct 21 10:13:48 EDT 2007


This problem started with the update to openswan-2.4.9-r1. It looks
like a huge bug in this version, since my Road-Warrior system had been
working until this fateful day.

The following happens now. There is a gateway with two laptops using a
road-warrior config. Both use the same setup, hence the same RSA key and
identifier. So far they both received their own tunnel, since they have
different IPs. This is the intended behavior: to distinguish computers
with the same RSA key by their IP.

Now with the new version this is no longer happening. For some reason,
if the second laptop opens a tunnel, it intermingles with the first
established tunnel. The net effect is that in an interval of 10 seconds
each laptop alternately has its tunnel going up and down. They both
fight for the same slot instead of receiving two slots. This problem can
be witnessed well on the gateway, where the slot changes the IP every 10
seconds from one laptop to the other. With this the entire network is
down and there is no way back (the old version vanished from portage...
great! so much for failure awareness <.=.<).

The following setup is in use:
gateway:
conn openswan-roadwarrior
        left=192.168.3.2
        leftsubnet=0.0.0.0/0
        leftid=@####
        leftrsasigkey=####
        right=%any
        rightid=@####
        rightrsasigkey=####
        auto=add
        auth=esp
        authby=rsasig
        compress=yes

road warriors:
        left=%defaultroute
        leftid=@####
        leftrsasigkey=####
        right=192.168.3.2
        rightsubnet=0.0.0.0/0
        rightid=@####
        rightrsasigkey=####
        auto=add
        auth=esp
        authby=rsasig
        compress=yes

It has been working before, so I don't think it's a config problem.

-- 
Yours sincerely
Plüss Roland

Leader and Head Programmer
- Game: Epsylon ( http://epsylon.rptd.ch/ )
- Game Engine: Drag(en)gine ( http://dragengine.rptd.ch )
- Normal Map Generator: DENormGen ( http://epsylon.rptd.ch/denormgen.php )
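
Added example, not part of the original message and not Openswan code: one way to spot the symptom described above (a single ID whose tunnel alternates between two peer IPs every few seconds) in gateway-side events. The event format, the IDs, the addresses and the thresholds are constructed assumptions; pluto's real log lines would need their own parser.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (NOT pluto's log format). "@roadwarrior" is shared
# by two hosts that re-establish every 10 s; "@other" is one host that roamed.
SAMPLE_LOG = """\
2007-10-21T10:00:00 id=@roadwarrior peer=192.0.2.10 event=established
2007-10-21T10:00:10 id=@roadwarrior peer=192.0.2.20 event=established
2007-10-21T10:00:20 id=@roadwarrior peer=192.0.2.10 event=established
2007-10-21T10:00:30 id=@roadwarrior peer=192.0.2.20 event=established
2007-10-21T10:00:40 id=@roadwarrior peer=192.0.2.10 event=established
2007-10-21T10:00:05 id=@other peer=192.0.2.30 event=established
2007-10-21T10:30:00 id=@other peer=192.0.2.31 event=established
"""

def parse_events(text):
    """Return sorted (time, peer_id, peer_ip) tuples for 'established' events."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # not a complete sample record
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        if fields.get("event") != "established" or not {"id", "peer"} <= fields.keys():
            continue
        events.append((datetime.fromisoformat(parts[0]), fields["id"], fields["peer"]))
    return sorted(events)

def find_duelling(events, max_gap=30, min_switches=3):
    """Flag IDs whose peer IP changes min_switches times, each within max_gap s."""
    last = {}                    # id -> (time, ip) of the latest establishment
    switches = defaultdict(int)  # id -> consecutive rapid changes of peer IP
    ips = defaultdict(set)       # id -> addresses involved in the current run
    flagged = {}
    for when, peer_id, ip in events:
        if peer_id in last:
            prev_when, prev_ip = last[peer_id]
            if (when - prev_when).total_seconds() > max_gap:
                switches[peer_id] = 0   # long quiet period: roaming, not duelling
                ips[peer_id] = set()
            elif ip != prev_ip:
                switches[peer_id] += 1
                ips[peer_id].update((prev_ip, ip))
            if switches[peer_id] >= min_switches:
                flagged[peer_id] = sorted(ips[peer_id])
        last[peer_id] = (when, ip)
    return flagged

if __name__ == "__main__":
    print(find_duelling(parse_events(SAMPLE_LOG)))
```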

