[Openswan Users] Problems using openswan and KLIPS on alias interface

Diogo V. kersting k at brlix.com
Fri Apr 29 07:06:22 EDT 2011


On my machine I have two IP addresses on the same subnet:
eth1=192.168.10.70/24 and eth1:1=192.168.10.71/24.
When I start openswan it gives me the following errors:
## ##
ipsec_setup: Error: either "local" is duplicate, or "secondary" is a garbage.
ipsec_setup: Error: either "local" is duplicate, or "eth1" is a garbage.
## ##

And in auth.log I can see that the daemon "adds" only the eth1
interface (and doesn't add eth1:1):

## auth.log ##
Apr 28 15:42:56 brlix pluto[10448]: adding interface ipsec0/eth1 192.168.10.70:500
Apr 28 15:42:56 brlix pluto[10448]: adding interface ipsec0/eth1 192.168.10.70:4500
####

Does anyone know why?
If I put an address of a different subnet in eth1:1 it adds it normally.
## ##
Apr 29 08:00:27 brlix pluto[10731]: adding interface ipsec0/eth1:1 192.168.71.71:500
Apr 29 08:00:27 brlix pluto[10731]: adding interface ipsec0/eth1:1 192.168.71.71:4500
## ##

Is there a way for me to manually "add" the alias interface?
Using this IP configuration, is it possible for me to run openswan
using the IP of eth1:1?

Here is my configuration:
## ipsec.conf ##
version 2.0

config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        interfaces="ipsec0=eth1:1"
        oe=off
        protostack=klips
## ##

## ip a ##
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 90:e6:ba:d0:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.70/24 brd 192.168.10.255 scope global eth1
    inet 192.168.10.71/24 brd 192.168.10.255 scope global secondary eth1:1
    inet6 fe80::92e6:baff:fed0:3b3f/64 scope link
       valid_lft forever preferred_lft forever
3: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:05:00:20:94:46 brd ff:ff:ff:ff:ff:ff
4: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
14: ipsec0: <NOARP,UP,LOWER_UP> mtu 16260 qdisc pfifo_fast state UNKNOWN qlen 10
    link/ether 90:e6:ba:d0:3b:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.71.71/32 scope global ipsec0
    inet6 fe80::92e6:baff:fed0:3b3f/128 scope link
       valid_lft forever preferred_lft forever
15: ipsec1: <NOARP> mtu 0 qdisc noop state DOWN qlen 10
    link/void
## ##

## ipsec --version ##
Linux Openswan 2.6.32 (klips)
## ##


On Thu, Apr 28, 2011 at 1:15 PM, Diogo V. kersting <k at brlix.com> wrote:
>

