[Openswan Users] redundant ipsec connections: route to peer's client conflicts with ... releasing old connection to free the route

Oguz Yilmaz oguzyilmazlist at gmail.com
Thu Jun 4 14:24:19 EDT 2009


Dear Paul,

I am using preshared key authentication on both sides.

Central is openswan-2.4.13 on kernel 2.6.18
Peer is openswan-2.4.7-1 on kernel 2.6.9-42.EL.

I only see this on the central machine and its logs.

I think openswan tries to check if there is another route for the
destination to 172.19.0.0/24 (peer internal subnet), and finds the
route previously established by the first ipsec connection, which is also
going to 172.19.0.0/24; however, the dst ip is the other dsl connection of the
peer. So it says "route to peer's client conflicts with ... releasing
old connection to free the route"...




On Thu, Jun 4, 2009 at 8:52 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 4 Jun 2009, Oguz Yilmaz wrote:
>
>>       left=CENTRALIPADDR
>>       leftsubnet=172.17.0.0/24
>>       right=PEERIPADDR2
>>       rightsubnet=172.19.0.0/24
>
>>       left=CENTRALIPADDR
>>       leftsubnet=10.0.0.0/8
>>       right=PEERIPADDR1
>>       rightsubnet=172.19.0.0/24
>
>>       left=CENTRALIPADDR
>>       leftsubnet=172.16.0.0/24
>>       right=PEERIPADDR1
>>       rightsubnet=172.19.0.0/24
>
> That all looks okay. I am not sure why the third connection would
> cause another to go down. What's the other end running? Not openswan?
>
> Could there be a "license" for 2 tunnels or something strange?
>
> Paul
>
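
The overlap described in this message can be checked directly from the configuration. The following is an added example, not part of the original thread or of Openswan: it parses ipsec.conf-style conn sections and lists pairs whose rightsubnet ranges overlap while their right peers differ. The conn names (tunnel-a, tunnel-b, tunnel-c) are hypothetical; the addresses are the placeholders posted in the thread.

```python
import ipaddress

# Constructed sample: conn names are hypothetical; the left/right values
# are the placeholders used in the thread.
SAMPLE_CONF = """\
conn tunnel-a
      left=CENTRALIPADDR
      leftsubnet=172.17.0.0/24
      right=PEERIPADDR2
      rightsubnet=172.19.0.0/24

conn tunnel-b
      left=CENTRALIPADDR
      leftsubnet=10.0.0.0/8
      right=PEERIPADDR1
      rightsubnet=172.19.0.0/24

conn tunnel-c
      left=CENTRALIPADDR
      leftsubnet=172.16.0.0/24
      right=PEERIPADDR1
      rightsubnet=172.19.0.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None                    # "config setup" is not a conn
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def remote_subnet_conflicts(conns):
    """Pairs of conns whose rightsubnets overlap but whose right peers differ."""
    items = [(n, c["right"], ipaddress.ip_network(c["rightsubnet"], strict=False))
             for n, c in sorted(conns.items()) if "right" in c and "rightsubnet" in c]
    return [(a, b, str(na), str(nb))
            for i, (a, pa, na) in enumerate(items)
            for b, pb, nb in items[i + 1:]
            if pa != pb and na.overlaps(nb)]

if __name__ == "__main__":
    for a, b, na, nb in remote_subnet_conflicts(parse_conns(SAMPLE_CONF)):
        print(f"{a} ({na}) and {b} ({nb}) route the same remote subnet via different peers")
```

On the sample it reports tunnel-a against tunnel-b and tunnel-c, and not tunnel-b against tunnel-c, since those two share the same right peer.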

