[Openswan Users] OS / Netkey multiple tunnels

Michael H. Warfield mhw at WittsEnd.com
Thu Oct 22 12:35:28 EDT 2009 

On Thu, 2009-10-22 at 12:03 -0400, Paul Wouters wrote: 
> On Thu, 22 Oct 2009, Michael H. Warfield wrote:
> 
> >> No, openswan has to pick a name for the phase1. Since both tunnels have
> >> the same phase1, openswan cannot always tell at the start which of the
> >> two conns this is. So it just picks one. Once you get to phase2 and the
> >> subnet is negotiated, it should "switch" to the right name.
> >
> > That's always been a source of confusion and never ending debugging
> > heartburn since the earliest of the FreeSWAN days.  If the connection
> > name is picked arbitrarily and isn't significant, can't we just pick
> > something like "default" (which is already a special case) or "Phase1"

> That would make no sense. You can have multiple conns of which some but not
> all share the same phase1. Why not display as much as possible? If you have
> two sites with two tunnels each, totalling 4 conns, and 2 unique phase1's,
> you do want the name to be one of the two, not some default name that could
> be any of the 4.

Actually, I realized after I sent it that I should have read the
previous message more closely.  I was referring to the earlier messages
before anything is established.  Just never mind me.  Chalk it up to
caffeine deficiency this morning.

> > I know it would seem to be "cosmetic" but it would cut down on the
> > confusion.  Does it have to be a legitimate valid connection that's
> > chosen at random or can it be a pseudo connection?

> I don't think it would cause less confusion. It would become harder to debug.

Concur.  Never mind.  :-)

> Paul

Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20091022/c5870efa/attachment.bin

More information about the Users mailing list