[Openswan Users] Openswan 2.4.13 - multiple tunnels problem
Maverick
maverick.pt at gmail.com
Mon Feb 8 18:56:27 EST 2010
Hi,
I have an Endian Firewall 2.3 that is running Openswan 2.4.13, and I've
configured it to connect to another office's Cisco firewall.
The other side only gives me access to 2 IPs, not the whole subnet. My problem is
that the 2 tunnels come up OK, but only the second one has access to my
leftsubnet.
Both 10.112.32.78 and 10.112.32.70 can ping any IP on 192.168.2.0/24, but
only 10.112.32.70 can really connect to any port of any IP on
192.168.2.0/24. It seems that the last tunnel to come up is the one that
gets access to my network. This problem doesn't happen on 2.6.x, but it is
difficult to change to a new version on this system because the kernel has
the old NAT-T patch applied.
Any configuration I can make to avoid this problem?
This is my current configuration:
conn VDBSERVER
        dpdaction=restart
        dpddelay=30
        dpdtimeout=120
        left=my public ip
        leftnexthop=%defaultroute
        leftsubnet=192.168.2.0/24
        leftsourceip=192.168.2.254
        right=cisco public ip
        rightsubnet=10.112.32.78/32
        rightnexthop=%defaultroute
        leftid=my public ip
        rightid=cisco public ip
        authby=secret
        pfs=yes
        ikelifetime=1h
        keylife=8h
        ike=aes256-sha-modp1024
        esp=aes256-sha1
        auto=start

conn VTSERVER
        dpdaction=restart
        dpddelay=30
        dpdtimeout=120
        left=my public ip
        leftnexthop=%defaultroute
        leftsubnet=192.168.2.0/24
        leftsourceip=192.168.2.254
        right=cisco public ip
        rightsubnet=10.112.32.70/32
        rightnexthop=%defaultroute
        leftid=my public ip
        rightid=cisco public ip
        authby=secret
        pfs=yes
        ikelifetime=1h
        keylife=8h
        ike=aes256-sha-modp1024
        esp=aes256-sha1
        auto=start
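An added check, not from the original post or from the Openswan project, that parses an ipsec.conf and lists conns to the same peer which share leftsubnet and leftsourceip but differ only in rightsubnet, the pattern in the configuration above; the public addresses in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the two conns in the post; the public IPs
# are documentation-range placeholders, not the poster's real addresses.
SAMPLE_CONF = """\
conn VDBSERVER
    left=203.0.113.1
    leftsubnet=192.168.2.0/24
    leftsourceip=192.168.2.254
    right=198.51.100.1
    rightsubnet=10.112.32.78/32
    auto=start
conn VTSERVER
    left=203.0.113.1
    leftsubnet=192.168.2.0/24
    leftsourceip=192.168.2.254
    right=198.51.100.1
    rightsubnet=10.112.32.70/32
    auto=start
"""

def parse_ipsec_conf(text):
    """Return {conn_name: {key: value}} for every 'conn' section; comments
    and 'config setup' lines are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^(conn|config)\s+(\S+)\s*$", line)
        if m:
            current = conns.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
            continue
        if current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def find_shared_peer_conns(conns):
    """Group conns by (left, right, leftsubnet, leftsourceip) and return the
    groups with more than one member, each member with its rightsubnet.
    These conns install separate policies to the same peer from the same
    source address, so they are the ones to review when only one carries traffic."""
    groups = defaultdict(list)
    for name, kv in conns.items():
        key = tuple(kv.get(k, "") for k in ("left", "right", "leftsubnet", "leftsourceip"))
        groups[key].append((name, kv.get("rightsubnet", "")))
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for key, members in find_shared_peer_conns(parse_ipsec_conf(SAMPLE_CONF)).items():
        print("same peer/source", key, "->", members)
```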