[Openswan Users] max of two tunnels sharing same phase 1?
Peter McGill
petermcgill at goco.net
Tue Aug 5 14:25:21 EDT 2008
Elvar,
Openswan is certainly not limited to two tunnels per host, I use more myself.
I'll attempt to find the cause of your problem.
Please make sure you have developer debugging off in your ipsec.conf:
config setup
    klipsdebug=none
    plutodebug=none
Then after restarting, connect your tunnels, run your ping tests and send
the output of the tests along with an attached ipsec barf to me off-list.
ipsec barf > ipsec_barf.txt
Peter McGill
IT Systems Analyst
Gra Ham Energy Limited
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of Elvar
> Sent: August 5, 2008 2:10 PM
> To: users at openswan.org
> Subject: [Openswan Users] max of two tunnels sharing same phase 1?
>
> Hello,
>
> I'm trying to connect my Linux firewall box to my work's Fortinet VPN
> concentrator using Openswan and while I can get two of the three tunnels
> to work fine, I can never get more than two working. If I change the
> order or only use two, any of them will work, so I know they are all
> good individually. When I try and use more than two, the traffic on the
> way back seems to get lost. How do I make it so that all three of those
> tunnels work at the same time? Anyone have any idea why only two at a
> time will work? My config is below...
>
>
>
> conn test1
>     left=72.14.207.99
>     leftsubnet=172.16.30.0/24
>     leftsourceip=172.16.30.1
>     right=206.190.60.37
>     rightsubnet=172.25.7.0/24
>     #auth=esp
>     #auto=start
>     authby=secret
>     #specify encryption FortiGate VPN uses
>     #esp=des-md5
>     ike=3des-sha1-1024
>     esp=3des-md5
>     #perfect forward secrecy (default yes)
>     #pfs=no
>     #optionally enable compression
>     compress=yes
>     auto=start
>
> conn test2
>     left=72.14.207.99
>     leftsubnet=172.16.30.0/24
>     leftsourceip=172.16.30.1
>     right=206.190.60.37
>     rightsubnet=192.168.0.0/16
>     #auth=esp
>     #auto=start
>     authby=secret
>     #specify encryption FortiGate VPN uses
>     #esp=des-md5
>     ike=3des-sha1-1024
>     esp=3des-md5
>     #perfect forward secrecy (default yes)
>     #pfs=no
>     #optionally enable compression
>     compress=yes
>     auto=start
>
> conn test3
>     left=72.14.207.99
>     leftsubnet=172.16.30.0/24
>     leftsourceip=172.16.30.1
>     right=206.190.60.37
>     rightsubnet=172.15.1.0/24
>     #auth=esp
>     #auto=start
>     authby=secret
>     #specify encryption FortiGate VPN uses
>     #esp=des-md5
>     ike=3des-sha1-1024
>     esp=3des-md5
>     #perfect forward secrecy (default yes)
>     #pfs=no
>     #optionally enable compression
>     compress=yes
>     auto=start
>
>
>
> Kind regards,
> Elvar
>