[Openswan Users] OS / Netkey multiple tunnels

Paul Wouters paul at xelerance.com
Mon Oct 19 11:32:46 EDT 2009


On Mon, 19 Oct 2009, Goffe, Don wrote:

> I'm able to connect a single tunnel to my cisco3000 concentrator. This
> in turn gets assigned a subnet address that points to HOST1. When I try to
> open another tunnel to the same concentrator so that I can get a
> different subnet to HOST2, openswan seems to change the connection name
> back to the first tunnel.
>
> 002 "OPENSWAN" #3 Aggressive mode peer ID is ID_IPV$_ADDR: 10.10.1.11
> 002 "OPENSWAN" switched from "OPENSWAN" to "OPENSWAN1"
>
> Switching the order of the "conn OPENSWAN" and "conn OPENSWAN1"
> statements in the ipsec.conf affects which connection actually is
> allowed to connect.

No, openswan has to pick a name for the phase1. Since both tunnels have
the same phase1, openswan cannot always tell at the start which of the
two conns this is. So it just picks one. Once you get to phase2 and the
subnet is negotiated, it should "switch" to the right name.

Paul

