[Openswan Users] IPsec.conf connection order

Paul Wouters paul at xelerance.com
Tue Sep 21 14:29:59 EDT 2010


On Tue, 21 Sep 2010, Troy Telford wrote:

> I'm having some trouble with my understanding of ipsec.conf;
> specifically, I'm not understanding how Openswan determines which
> connection is being made.

> In fact, it doesn't seem to matter that there are two pure IPsec
> connection types (one that is just the local subnet, the other is the
> 0.0.0.0/0).  It seems that no matter what I try, the first connection
> is the one that is used, regardless of anything that follows.

If the phase1 of two conns is equal, openswan has to pick one. It might realise
later by the different phase parameters that it needs to use the other conn, and
it will then do so. So the name at first can be misleading, but there is no way
of telling at that point.

Paul


More information about the Users mailing list