[Openswan Users] redundant ipsec connections: route to peer's client conflicts with ... releasing old connection to free the route

Paul Wouters paul at xelerance.com
Thu Jun 4 08:46:51 EDT 2009


On Thu, 4 Jun 2009, Oguz Yilmaz wrote:

It should work, so I suspect a configuration issue somewhere.

Paul

> I have a problem with Openswan.
> I got the message "route to peer's client conflicts with ..., releasing
> old connection to free the route"
> On the central vpn machine I have 3 ipsec connections:
>
> vpn1: 10.0.0.0/8 -> CentralVPNServer -> InternetCloud -> InternetDSL1
> -> PeerSite1 (172.19.0.0/24)
>
> vpn2: 172.16.0.0/24 -> CentralVPNServer -> InternetCloud ->
> InternetDSL2 -> PeerSite1 (172.19.0.0/24)
>
> vpn3: 172.17.0.0/24 -> CentralVPNServer -> InternetCloud ->
> InternetDSL2 -> PeerSite1 (172.19.0.0/24)
>
>
> As you can see, PeerSite1 has 2 internet connections. Two of the ipsecs
> are through line 2, one is through line 1.
> I want to connect 3 networks behind CentralVPNServer to the peersite
> over 2 peer internet lines.
>
> At any moment only the connections coming over one of the DSL lines are
> up. When vpn2+vpn3 are up, vpn1 comes and openswan drops vpn2+vpn3 and
> establishes vpn1. This continues vice versa. After an unknown time (from
> 5 to 15 minutes) all three vpns are established together.
>
> I think it is about the route which CentralVPNServer wants to establish:
>
> What can you propose?
>
> Note: If I try leftsubnet=0.0.0.0;/0 on CentralVPNServer, it can not
> match incoming VPN request with this definition.
>
> Openswan version: openswan-2.4.13
> Kernel: 2.6.18