[Openswan Users] max of two tunnels sharing same phase 1?
Agent Smith
news8080 at yahoo.com
Fri Aug 15 09:46:28 EDT 2008
I use 4 tunnels to the same host with different destinations (openswan<->cisco3000).
It works fine: phase 1 gets reused for all 4, and only phase 2 gets re-established at timeout.
It would be nice to have
rightsubnet=subnet1, subnet2, subnet3
but I understand it'll probably be tricky in code, and all it really would do is beautify the ipsec.conf, which can easily be done with #includes.
--- On Tue, 8/5/08, Peter McGill <petermcgill at goco.net> wrote:
> From: Peter McGill <petermcgill at goco.net>
> Subject: Re: [Openswan Users] max of two tunnels sharing same phase 1?
> To: "'Elvar'" <elvar at elvar.org>, users at openswan.org
> Date: Tuesday, August 5, 2008, 2:25 PM
> Elvar,
>
> Openswan is certainly not limited to two tunnels per host,
> I use more myself.
> I'll attempt to find the cause of your problem.
>
> Please make sure you have developer debugging off in your ipsec.conf:
> config setup
>     klipsdebug=none
>     plutodebug=none
>
> Then after restarting, connect your tunnels, run your ping tests and send
> the output of the tests along with an attached ipsec barf to me off-list.
> ipsec barf > ipsec_barf.txt
>
> Peter McGill
> IT Systems Analyst
> Gra Ham Energy Limited
>
> > -----Original Message-----
> > From: users-bounces at openswan.org
> > [mailto:users-bounces at openswan.org] On Behalf Of Elvar
> > Sent: August 5, 2008 2:10 PM
> > To: users at openswan.org
> > Subject: [Openswan Users] max of two tunnels sharing same phase 1?
> >
> > Hello,
> >
> > I'm trying to connect my Linux firewall box to my work's Fortinet VPN
> > concentrator using Openswan and while I can get two of the three tunnels
> > to work fine, I can never get more than two working. If I change the
> > order or only use two, any of them will work, so I know they are all
> > good individually. When I try and use more than two, the traffic on the
> > way back seems to get lost. How do I make it so that all three of those
> > tunnels work at the same time? Anyone have any idea why only two at a
> > time will work? My config is below...
> >
> >
> >
> > conn test1
> >     left=72.14.207.99
> >     leftsubnet=172.16.30.0/24
> >     leftsourceip=172.16.30.1
> >     right=206.190.60.37
> >     rightsubnet=172.25.7.0/24
> >     #auth=esp
> >     #auto=start
> >     authby=secret
> >     #specify encryption FortiGate VPN uses
> >     #esp=des-md5
> >     ike=3des-sha1-1024
> >     esp=3des-md5
> >     #perfect forward secrecy (default yes)
> >     #pfs=no
> >     #optionally enable compression
> >     compress=yes
> >     auto=start
> >
> > conn test2
> >     left=72.14.207.99
> >     leftsubnet=172.16.30.0/24
> >     leftsourceip=172.16.30.1
> >     right=206.190.60.37
> >     rightsubnet=192.168.0.0/16
> >     #auth=esp
> >     #auto=start
> >     authby=secret
> >     #specify encryption FortiGate VPN uses
> >     #esp=des-md5
> >     ike=3des-sha1-1024
> >     esp=3des-md5
> >     #perfect forward secrecy (default yes)
> >     #pfs=no
> >     #optionally enable compression
> >     compress=yes
> >     auto=start
> >
> > conn test3
> >     left=72.14.207.99
> >     leftsubnet=172.16.30.0/24
> >     leftsourceip=172.16.30.1
> >     right=206.190.60.37
> >     rightsubnet=172.15.1.0/24
> >     #auth=esp
> >     #auto=start
> >     authby=secret
> >     #specify encryption FortiGate VPN uses
> >     #esp=des-md5
> >     ike=3des-sha1-1024
> >     esp=3des-md5
> >     #perfect forward secrecy (default yes)
> >     #pfs=no
> >     #optionally enable compression
> >     compress=yes
> >     auto=start
> >
> >
> >
> > Kind regards,
> > Elvar
> >
> > _______________________________________________
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
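The wish above for a single list of remote subnets, sketched as an added example (not part of the original post and not Openswan code): a hypothetical helper, expand_conns(), that writes one conn per remote subnet, each pulling the shared settings through also=. The function name, the conn name "peer" and the section ordering are assumptions; the addresses and proposals are the ones quoted in the thread.

```python
import ipaddress

# Shared parameters copied from the thread's "conn test1..3" sections.
SHARED = {
    "left": "72.14.207.99",
    "leftsubnet": "172.16.30.0/24",
    "leftsourceip": "172.16.30.1",
    "right": "206.190.60.37",
    "authby": "secret",
    "ike": "3des-sha1-1024",
    "esp": "3des-md5",
    "compress": "yes",
}

def expand_conns(base, shared, right_subnets):
    """Render one conn per remote subnet, all pulling shared keys via also=."""
    local = ipaddress.ip_network(shared["leftsubnet"])
    nets = []
    for raw in right_subnets:
        # Strict parsing: a typo such as 172.25.7.1/24 raises ValueError.
        net = ipaddress.ip_network(raw.strip())
        if net.overlaps(local):
            raise ValueError(f"{net} overlaps local subnet {local}")
        if net not in nets:  # drop exact duplicates
            nets.append(net)
    out = []
    for n, net in enumerate(nets, 1):
        out += [f"conn {base}-{n}", f"    also={base}",
                f"    rightsubnet={net}", "    auto=start", ""]
    # Shared section is written last so it follows every section that
    # references it (assumption: ordering chosen for older parsers).
    # It carries no auto= line, so it is not started as a tunnel itself.
    out.append(f"conn {base}")
    out += [f"    {key}={value}" for key, value in shared.items()]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(expand_conns("peer", SHARED,
                       ["172.25.7.0/24", "192.168.0.0/16", "172.15.1.0/24"]))
```

Every generated conn keeps the same left/right pair, so all of them ride on the one phase 1 exchange and differ only in the phase 2 selector.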