[Openswan Users] multiple subnets ?

Indunil Jayasooriya indunil75 at gmail.com
Wed Jun 25 07:12:43 EDT 2008


Hi,

Thanks for your quick response. As you mentioned, I added 4 separate
tunnels to my Linux box where OpenSwan is running.

Then, I restarted the service. Now, I do not get such an error.
In a FEW seconds, I checked the status with the command below.

[root@firewall etc]# /etc/init.d/ipsec status
IPsec running  - pluto pid: 12587
pluto pid 12587
2 tunnels up

It said, 2 tunnels up.
Now, the question is, why does it say 2 tunnels up, when I have 4 tunnels
in the ipsec.conf file?

But, after 10 minutes, it said, 3 tunnels up. It took about 10 minutes
for the 3rd tunnel to come up.
Why is that?

But the 4th tunnel has not come up yet. I am still waiting for it.


In addition to that, I can see the line below after this command:

tail -f /var/log/messages

Jun 25 16:00:24 firewall ipsec__plutorun: ...could not start conn "tunnelipsec1"

This is the full output

[root@firewall etc]# tail -f /var/log/messages
Jun 25 15:50:17 firewall ipsec__plutorun: 104 "tunnelipsec1" #1: STATE_MAIN_I1: initiate
Jun 25 15:50:17 firewall ipsec__plutorun: ...could not start conn "tunnelipsec1"
Jun 25 16:00:23 firewall kernel: NET: Unregistered protocol family 15
Jun 25 16:00:23 firewall ipsec_setup: ...Openswan IPsec stopped
Jun 25 16:00:23 firewall kernel: NET: Registered protocol family 15
Jun 25 16:00:23 firewall kernel: padlock: VIA PadLock not detected.
Jun 25 16:00:23 firewall ipsec_setup: NETKEY on eth1 220.247.213.202/255.255.255.240 broadcast 220.247.213.207
Jun 25 16:00:23 firewall ipsec_setup: ...Openswan IPsec started
Jun 25 16:00:24 firewall ipsec__plutorun: 104 "tunnelipsec1" #1: STATE_MAIN_I1: initiate
Jun 25 16:00:24 firewall ipsec__plutorun: ...could not start conn "tunnelipsec1"

help needed....


--------------------------------

> Something like this works for me with two
> networks on the other side of the tunnel, should work with 4 as well:
>
> conn tunnelipsec1
>        type=tunnel
>        left=1.2.3.4
>        leftsubnet=192.168.1.0/24
>        right=5.6.7.8
>        rightsubnet=10.10.49.0/24
>        esp=3des-md5
>        authby=secret
>        keyexchange=ike
>        pfs=no
>        auto=start
>
> conn tunnelipsec2
>        type=tunnel
>        left=1.2.3.4
>        leftsubnet=192.168.1.0/24
>        right=5.6.7.8
>        rightsubnet=192.168.46.0/24
>        esp=3des-md5
>        authby=secret
>        keyexchange=ike
>        pfs=no
>        auto=start
>
>
> conn tunnelipsec3
>        type=tunnel
>        left=1.2.3.4
>        leftsubnet=192.168.1.0/24
>        right=5.6.7.8
>        rightsubnet=192.168.50.0/24
>        esp=3des-md5
>        authby=secret
>        keyexchange=ike
>        pfs=no
>        auto=start
>
>
> conn tunnelipsec4
>        type=tunnel
>        left=1.2.3.4
>        leftsubnet=192.168.1.0/24
>        right=5.6.7.8
>        rightsubnet=192.168.55.0/24
>        esp=3des-md5
>        authby=secret
>        keyexchange=ike
>        pfs=no
>        auto=start
>
>
>> Can't OpenSwan have 4 subnets?
>
> It can but you have to configure separate tunnels.

-- 
Thank you
Indunil Jayasooriya
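
An added example, not part of the original post or of Openswan: a small Python check that reads conn sections laid out like the ones quoted above, flags any line carrying more than one key=value pair, and cross-references pluto's "could not start conn" messages against the configured names. The function names parse_conns and report are hypothetical, and the sample config is constructed; the two log lines are the ones shown in the post.

```python
import re

# Constructed sample config in the layout of the quoted reply. The second
# conn has two parameters run together on one line (hypothetical defect).
SAMPLE_CONF = """\
conn tunnelipsec1
       rightsubnet=10.10.49.0/24
       auto=start

conn tunnelipsec4
       rightsubnet=192.168.55.0/24
       pfs=no auto=start
"""

# Log lines taken from the post, with the wrapped line rejoined.
SAMPLE_LOG = """\
Jun 25 16:00:24 firewall ipsec__plutorun: 104 "tunnelipsec1" #1: STATE_MAIN_I1: initiate
Jun 25 16:00:24 firewall ipsec__plutorun: ...could not start conn "tunnelipsec1"
"""

def parse_conns(text):
    """Return ({conn: {key: value}}, [(conn, suspicious line)])."""
    conns, problems, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            m = re.match(r"conn\s+(\S+)$", line)
            current = m.group(1) if m else None
            if current:
                conns[current] = {}
            continue
        m = re.match(r"(\w+)=(.*)$", line.strip())
        if current is None or m is None:
            continue
        if re.search(r"\s\w+=", m.group(2)):   # second key=value on the line
            problems.append((current, line.strip()))
        else:
            conns[current][m.group(1)] = m.group(2)
    return conns, problems

def report(conf, log):
    conns, problems = parse_conns(conf)
    failed = set(re.findall(r'could not start conn "([^"]+)"', log))
    return {"autostart": sorted(n for n, kv in conns.items() if kv.get("auto") == "start"),
            "failed_to_start": sorted(failed & set(conns)),
            "malformed": problems}
```

The check treats any unquoted value containing a further `name=` as suspicious, so quoted values with embedded spaces (for example a certificate DN) would need an exception.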

