[Openswan Users] Two tunnels and the same remote subnet
Diego Woitasen
diego at woitasen.com.ar
Mon Sep 5 17:00:41 EDT 2011
On Fri, Sep 2, 2011 at 7:49 PM, Diego Woitasen <diego at woitasen.com.ar> wrote:
> Hi,
> We've been using the following scenario for years.
>
> - Two Openswan VPN concentrators.
> - 260 Openswan endpoints.
> - tunnel, subnet-to-subnet.
> - The same subnet behind the concentrators. 10.0.0.0/8
> - Two subnets behind the endpoints: for example: 10.12.160.0/24 and
> 10.22.160.0/24
> - Two tunnels simultaneously from every endpoint to every concentrator.
> - A fragment of the configuration of every endpoint is:
>
> conn gw1
>     ip=5.6.7.8
>     leftsubnet=10.0.0.0/8
>     rightsubnet=10.12.160.0/24
>
> conn gw2
>     ip=1.2.3.4
>     leftsubnet=10.0.0.0/8
>     rightsubnet=10.22.160.0/24
>
> This doesn't work anymore with Openswan 2.6.35 using KLIPS or NETKEY
> (Debian Squeeze, kernel 2.6.32). Openswan complains with "cannot route
> -- route already in use for...". We keep the tunnels running all the
> time to switch from one tunnel to another in case of failure and
> sometimes we send traffic via one tunnel or another. The switch is
> done with source NAT (using iptables NETMAP).
>
> Why doesn't this work anymore? Is this intentional?
>
> Regards,
> Diego
>
> --
> Diego Woitasen
>
I reported a bug for this because it works with Strongswan, so it is a
userspace problem.
https://gsoc.xelerance.com/issues/1281
Regards,
Diego
--
Diego Woitasen