[Openswan Users] OS / Netkey multiple tunnels

Paul Wouters paul at xelerance.com
Thu Oct 22 12:03:50 EDT 2009


On Thu, 22 Oct 2009, Michael H. Warfield wrote:

>> No, openswan has to pick a name for the phase1. Since both tunnels have
>> the same phase1, openswan cannot always tell at the start which of the
>> two conns this is. So it just picks one. Once you get to phase2 and the
>> subnet is negotiated, it should "switch" to the right name.
>
> That's always been a source of confusion and never ending debugging
> heartburn since the earliest of the FreeSWAN days.  If the connection
> name is picked arbitrarily and isn't significant, can't we just pick
> something like "default" (which is already a special case) or "Phase1"

That would make no sense. You can have multiple conns of which some but not
all share the same phase1. Why not display as much as possible? If you have
two sites with two tunnels each, totalling 4 conns, and 2 unique phase1's,
you do want the name to be one of the two, not some default name that could
be any of the 4.

> I know it would seem to be "cosmetic" but it would cut down on the
> confusion.  Does it have to be a legitimate valid connection that's
> chosen at random or can it be a pseudo connection?

I don't think it would cause less confusion. It would become harder to debug.

Paul
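An added example, not part of the original message and not Openswan code: a small Python helper that reads an ipsec.conf-style file and lists which conn names share the same phase1, so you know which names may show up interchangeably in the log until phase2 selects the right one. It reproduces the "two sites, two tunnels each" case with constructed addresses and conn names. Assumptions: phase1 is approximated by the `left`/`right`/`leftid`/`rightid` values only, and `also=` includes and `%default` are not resolved.

```python
from collections import defaultdict

# Constructed sample (not from the thread): 2 sites, 2 tunnels each, 4 conns.
SAMPLE_CONF = """\
conn siteA-lan1
    left=192.0.2.1
    right=198.51.100.10
    rightsubnet=10.1.1.0/24
conn siteA-lan2
    left=192.0.2.1
    right=198.51.100.10
    rightsubnet=10.1.2.0/24
conn siteB-lan1
    left=192.0.2.1
    right=203.0.113.20
    rightsubnet=10.2.1.0/24
conn siteB-lan2
    left=192.0.2.1
    right=203.0.113.20
    rightsubnet=10.2.2.0/24
"""

# Assumption: these options stand in for "same phase1"; subnets are phase2-only.
PHASE1_KEYS = ("left", "right", "leftid", "rightid")

def parse_conns(text):
    """Parse 'conn NAME' sections into {name: {option: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:  # indented option line
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def shared_phase1(conns):
    """Return sorted groups of conn names whose phase1 endpoints are identical."""
    groups = defaultdict(list)
    for name, opts in conns.items():
        groups[tuple(opts.get(k) for k in PHASE1_KEYS)].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(shared_phase1(parse_conns(SAMPLE_CONF)))
```
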

