[Openswan Users] Eroute after rekeying
Andrew Nowrot
andrew.nowrot at gmail.com
Thu Feb 17 15:06:48 EST 2011
Hi
I have got a question regarding my configuration.
My config looks like this:

conn tunnel1
        left=xxx.yyy.vvv.zzz
        leftid=%myid
        leftnexthop=xxx.yyy.vvv.zz1
        leftsendcert=always
        leftcert=cert.cer
        leftrsasigkey=%cert
        leftsubnet=0.0.0.0/0
        leftupdown=/etc/ipsec.d/updown
        right=xxx.yyy.vvv.zz2
        rightid=name
        rightsendcert=always
        rightrsasigkey=%cert
        rightsubnet=0.0.0.0/0
        authby=rsasig
        phase2=esp
        keyexchange=ike
        ike=aes256-sha1;modp1024
        ikev2=no
        phase2alg=aes256-sha1-96
        pfs=yes
        ikelifetime=86400s
        keylife=3600s
        type=tunnel
        overlapip=yes
        auto=start

conn tunnel2
        left=xxx.yyy.vvv.zzz
        leftid=%myid
        leftnexthop=xxx.yyy.vvv.zz3
        leftsendcert=always
        leftcert=cert1.cer
        leftrsasigkey=%cert
        leftsubnet=0.0.0.0/0
        leftupdown=/etc/ipsec.d/updown
        right=xxx.yyy.vvv.zz4
        rightid=name2
        rightsendcert=always
        rightrsasigkey=%cert
        rightsubnet=0.0.0.0/0
        authby=rsasig
        phase2=esp
        keyexchange=ike
        ike=aes256-sha1;modp1024
        ikev2=no
        phase2alg=aes256-sha1-96
        pfs=yes
        ikelifetime=86400s
        keylife=3600s
        type=tunnel
        overlapip=yes
        auto=start
The tunnels are from my machine to two different locations. Both
tunnels are up, but I have a problem reaching the remote end of the
tunnel which came up first. My ipsec eroute looks like this:

0 0.0.0.0/0 -> 0.0.0.0/0 => tun0x1003@xxx.yyy.vvv.zz4

OK, so I have added two additional routes by hand and both tunnels
started working (I can reach the resources behind the first tunnel):

0 0.0.0.0/0 -> aaa.bbb.ccc.ddd/30 => tun0x1001@xxx.yyy.vvv.zz2
0 0.0.0.0/0 -> xxx.yyy.vvv.0/24 => tun0x1001@xxx.yyy.vvv.zz2

But after renegotiation (rekeying each hour) the routes added by me
are still pointing to the old tunnels, in this case tun0x1001.
Is there a way to fix this? Or maybe I did something wrong?
Best regards
Andrew
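As an added example (not from the post or from Openswan itself), the following parses the `ipsec eroute` output format quoted above and reports two things a practitioner would check after an hourly rekey: hand-added eroutes whose tun0x SA id no longer matches a live SA for that peer, and configured peers that have no eroute at all. The sample eroute lines are the ones from the post; the map of live SAs (with `tun0x1005` standing in for the post-rekey SA) is constructed, and in practice would be filled from `ipsec spi` or equivalent.

```python
import re
from dataclasses import dataclass

# One KLIPS `ipsec eroute` line, in the shape quoted in the post:
#   <pkt count> <src>/<len> -> <dst>/<len> => tun0x<spi>@<peer gateway>
EROUTE_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+->\s+(\S+)\s+=>\s+(tun0x[0-9a-fA-F]+)@(\S+)\s*$"
)

@dataclass(frozen=True)
class Eroute:
    count: int
    src: str
    dst: str
    said: str  # SA identifier, e.g. tun0x1001
    peer: str  # gateway the SA terminates at

def parse_eroutes(text):
    """Parse `ipsec eroute` output; lines that do not match are ignored."""
    return [Eroute(int(m[1]), m[2], m[3], m[4], m[5])
            for line in text.splitlines()
            if (m := EROUTE_RE.match(line))]

def stale_eroutes(routes, live_sas):
    """Eroutes that reference an SA id that is no longer live for that peer.
    live_sas maps 'tun0xNNNN' -> peer gateway for the SAs currently installed;
    after a rekey, hand-added eroutes keep the old id and show up here."""
    return [r for r in routes if live_sas.get(r.said) != r.peer]

def peers_without_eroute(routes, expected_peers):
    """Configured peers that have no eroute at all (the original symptom)."""
    have = {r.peer for r in routes}
    return sorted(p for p in expected_peers if p not in have)

# Constructed snapshot: the three eroutes from the post, taken after the
# hourly rekey has replaced tun0x1001 with a new SA id (tun0x1005, constructed).
EROUTE_SNAPSHOT = """\
0 0.0.0.0/0 -> 0.0.0.0/0 => tun0x1003@xxx.yyy.vvv.zz4
0 0.0.0.0/0 -> aaa.bbb.ccc.ddd/30 => tun0x1001@xxx.yyy.vvv.zz2
0 0.0.0.0/0 -> xxx.yyy.vvv.0/24 => tun0x1001@xxx.yyy.vvv.zz2
"""
LIVE_SAS = {"tun0x1003": "xxx.yyy.vvv.zz4", "tun0x1005": "xxx.yyy.vvv.zz2"}

if __name__ == "__main__":
    routes = parse_eroutes(EROUTE_SNAPSHOT)
    for r in stale_eroutes(routes, LIVE_SAS):
        print(f"stale: {r.dst} still via {r.said}@{r.peer}")
```

Run on a fresh snapshot after each rekey, the stale list is exactly the set of manual eroutes that must be replaced; an empty list from peers_without_eroute confirms both remote gateways are reachable through some policy.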