[Openswan Users] Again: dpd with two tunnels

Michael Schwartzkopff misch at multinet.de
Thu Feb 26 07:18:50 EST 2009


Hi,

I posted this problem two weeks ago but did not receive any answer. So I try 
to post it again.

We have two tunnels configured to the same gateway but different subnets on our 
side. See the config for the connections below. Everything seems to work, except 
for dead peer detection:

ipsec whack --status gives:
(...)
000 "haitecairit":   dpd: action:restart; delay:30; timeout:120; 
(...)
000 "haitecairit2":   dpd: action:restart; delay:30; timeout:120; 
(...)
000 #203: "haitecairit":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27390s; newest IPSEC; eroute owner
000 #203: "haitecairit" esp.de35d31c at x.y.237.28 esp.e5784f37 at x.y.237.250 tun.0 at x.y.237.28 tun.0 at x.y.237.250
000 #202: "haitecairit2":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27434s; newest IPSEC; eroute owner
000 #202: "haitecairit2" esp.de35d31b at x.y.237.28 esp.f608300b at x.y.237.250 tun.0 at x.y.237.28 tun.0 at x.y.237.250
000 #155: "haitecairit2":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1179s; newest ISAKMP; lastdpd=12s(seq in:17719 out:0)

Please note that the line with "lastdpd" occurs only on the connection 
"haitecairit2".

If a problem on the line occurs, only the connection "haitecairit2" is 
restarted by dpd; the other connection remains unconnected.

Does OpenSWAN only check the other gateway one time, even if several 
connections to the same gateway are defined? Is this a bug? Or did I just miss 
some configuration?

Thanks for any help.

--

Connection definition

conn haitecairit
        type=tunnel
        auth=esp
        authby=secret
        ike=aes128
        esp=aes128
        pfs=yes
        left=x.y.237.28
        leftsubnet=172.17.10.0/24
        right=x.y.237.250
        rightsubnet=172.19.0.0/16
        auto=start
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart

conn haitecairit2
        type=tunnel
        auth=esp
        authby=secret
        ike=aes128
        esp=aes128
        pfs=yes
        left=x.y.237.28
        leftsubnet=172.17.10.0/24
        right=x.y.237.250
        rightsubnet=172.18.1.0/24
        auto=start
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart


-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: misch at multinet.de
web: www.multinet.de

Registered office: 85630 Grasbrunn
Register court: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42

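One way to make the asymmetry described in this post visible in routine monitoring, as an added example that is not part of the original post and not Openswan code: a small Python parser over `ipsec whack --status` output that records, per connection name, whether DPD is configured, whether an IPsec SA is up, and whether an ISAKMP SA for that same name reports a `lastdpd=` counter. The sample status text is transcribed from the post above (with the e-mail line-wrapping undone); the regular expressions are assumptions about the line layout shown there, not an Openswan-documented format.

```python
"""Parse `ipsec whack --status` output and flag connections whose DPD cannot
be observed: DPD is configured and an IPsec SA exists, but no ISAKMP SA for
that connection name carries a lastdpd= counter."""
import re

# Constructed sample, transcribed from the status output in the post above;
# the e-mail line-wrapping has been undone so each state is on one line.
STATUS_SAMPLE = """\
000 "haitecairit":   dpd: action:restart; delay:30; timeout:120;
000 "haitecairit2":   dpd: action:restart; delay:30; timeout:120;
000 #203: "haitecairit":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27390s; newest IPSEC; eroute owner
000 #202: "haitecairit2":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27434s; newest IPSEC; eroute owner
000 #155: "haitecairit2":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1179s; newest ISAKMP; lastdpd=12s(seq in:17719 out:0)
"""

# Per-connection DPD settings (assumed layout):
#   000 "name":   dpd: action:restart; delay:30; timeout:120;
DPD_CFG_RE = re.compile(
    r'^000 "(?P<name>[^"]+)":\s+dpd: action:(?P<action>\w+); '
    r'delay:(?P<delay>\d+); timeout:(?P<timeout>\d+);')

# State lines (assumed layout):
#   000 #N: "name":port STATE_xxx (description); rest...
STATE_RE = re.compile(
    r'^000 #(?P<num>\d+): "(?P<name>[^"]+)":\d+ (?P<state>STATE_\w+) '
    r'\((?P<desc>[^)]*)\);(?P<rest>.*)$')

# Openswan prints lastdpd=-1s when no DPD reply has been seen yet, so allow a sign.
LASTDPD_RE = re.compile(r'lastdpd=(?P<secs>-?\d+)s')


def _new_conn():
    return {"dpd": None, "ipsec_sa": False, "isakmp_sa": False, "lastdpd_s": None}


def parse_status(text):
    """Return {conn_name: {dpd, ipsec_sa, isakmp_sa, lastdpd_s}} from status text."""
    conns = {}
    for line in text.splitlines():
        m = DPD_CFG_RE.match(line)
        if m:
            conn = conns.setdefault(m["name"], _new_conn())
            conn["dpd"] = {"action": m["action"],
                           "delay": int(m["delay"]),
                           "timeout": int(m["timeout"])}
            continue
        m = STATE_RE.match(line)
        if not m:
            continue  # esp./tun. lines and other output are not needed here
        conn = conns.setdefault(m["name"], _new_conn())
        if "IPsec SA established" in m["desc"]:
            conn["ipsec_sa"] = True
        if "ISAKMP SA established" in m["desc"]:
            conn["isakmp_sa"] = True
            ld = LASTDPD_RE.search(m["rest"])
            if ld:
                conn["lastdpd_s"] = int(ld["secs"])
    return conns


def dpd_gaps(conns):
    """Names of connections that have DPD configured and a live IPsec SA but no
    ISAKMP SA of their own reporting lastdpd=, that is, tunnels whose liveness
    DPD is not visibly tracking under this connection name."""
    return sorted(name for name, c in conns.items()
                  if c["dpd"] is not None and c["ipsec_sa"] and c["lastdpd_s"] is None)


if __name__ == "__main__":
    parsed = parse_status(STATUS_SAMPLE)
    for name, c in sorted(parsed.items()):
        print(f'{name}: dpd={c["dpd"]} ipsec_sa={c["ipsec_sa"]} '
              f'isakmp_sa={c["isakmp_sa"]} lastdpd_s={c["lastdpd_s"]}')
    print("connections without their own DPD-monitored ISAKMP SA:", dpd_gaps(parsed))
```

Run against live `ipsec whack --status` output, `dpd_gaps` returns the connections whose tunnel is up but whose DPD state cannot be seen under their own name; on the sample from the post that is `haitecairit`, matching what the author observed. Whether that is expected behaviour for two connections sharing one ISAKMP SA to the same peer is exactly the question the post asks, and the script only surfaces the condition, it does not answer it.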
