[Openswan Users] max of two tunnels sharing same phase 1?

Elvar elvar at elvar.org
Tue Aug 5 14:09:47 EDT 2008


Hello,

I'm trying to connect my Linux firewall box to my work's Fortinet VPN 
concentrator using Openswan and while I can get two of the three tunnels 
to work fine, I can never get more than two working. If I change the 
order or only use two, any of them will work, so I know they are all 
good individually. When I try and use more than two, the traffic on the 
way back seems to get lost. How do I make it so that all three of those 
tunnels work at the same time? Anyone have any idea why only two at a 
time will work? My config is below...



conn test1
    left=72.14.207.99
    leftsubnet=172.16.30.0/24
    leftsourceip=172.16.30.1
    right=206.190.60.37
    rightsubnet=172.25.7.0/24
    #auth=esp
    #auto=start
    authby=secret
    #specify encryption FortiGate VPN uses
    #esp=des-md5
    ike=3des-sha1-1024
    esp=3des-md5
    #perfect forward secrecy (default yes)
    #pfs=no
    #optionally enable compression
    compress=yes
    auto=start

conn test2
    left=72.14.207.99
    leftsubnet=172.16.30.0/24
    leftsourceip=172.16.30.1
    right=206.190.60.37
    rightsubnet=192.168.0.0/16
    #auth=esp
    #auto=start
    authby=secret
    #specify encryption FortiGate VPN uses
    #esp=des-md5
    ike=3des-sha1-1024
    esp=3des-md5
    #perfect forward secrecy (default yes)
    #pfs=no
    #optionally enable compression
    compress=yes
    auto=start

conn test3
    left=72.14.207.99
    leftsubnet=172.16.30.0/24
    leftsourceip=172.16.30.1
    right=206.190.60.37
    rightsubnet=172.15.1.0/24
    #auth=esp
    #auto=start
    authby=secret
    #specify encryption FortiGate VPN uses
    #esp=des-md5
    ike=3des-sha1-1024
    esp=3des-md5
    #perfect forward secrecy (default yes)
    #pfs=no
    #optionally enable compression
    compress=yes
    auto=start



Kind regards,
Elvar


