[Openswan Users] "cannot install eroute" occurs for Mac OSX users behind same NAT (v2.6.33)

Brian Mastenbrook brian at mastenbrook.net
Wed May 18 15:46:53 EDT 2011


On May 18, 2011, at 12:23 PM, Richard Schmidt wrote:

> Reinstalled v2.6.32. As I thought: Mac OSX users can connect from behind the same NAT using NETKEY.
> 
> I'm going to have to go with my previous assumption that ignoring the right subnet with the workaround prevents distinguishing connections from the same IP ("eroute in use"). 
> 
> The workaround solved my previous problem of reconnecting clients after the tunnel shut down several hours ago (like 12-24 hours); getting the xl2tpd error "attempting to reuse tunnel". My pluto logs were looking exactly like the ones mentioned with the workaround so I didn't look further into it, but I can recreate the problem if that would help to have a log of my previous (v32 and lower) problem.
> 
> As it is though, v2.6.33's Mac OSX workaround works well as long as you only have one user on the IP at a time. Concurrent users are a no-go.
> 
> Is there anything I can do to give some better information about either problem? This started as an OSX peculiarity, didn't it? Maybe there's a bug filed with them that I can track down.

I'm using openswan 2.6.33 and xl2tpd 1.2.7 on Ubuntu Lucid (10.04 LTS) with kernel 2.6.32-31-server, and I don't seem to have this issue. I can connect multiple Snow Leopard and iOS 4.x clients from behind the same NAT. I'm using PSK for IPsec. Reconnection of clients is handled by dead peer detection (DPD).

For reference I've attached my /etc/ipsec.conf and /etc/ppp/options.xl2tpd. Hopefully this will help you.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 1545 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20110518/1b383bac/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: options.xl2tpd
Type: application/octet-stream
Size: 182 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20110518/1b383bac/attachment-0001.obj 
-------------- next part --------------

--
Brian Mastenbrook
brian at mastenbrook.net
http://brian.mastenbrook.net/

