[Openswan Users] Two connections on the same external interface

tom at unreal.pl tom at unreal.pl
Sun Sep 2 08:17:44 EDT 2012 

Hi,
I'm trying to setup two connections, using the same external interface. The kernel module used is KLIPS, opeswan version 2.6.37.


My topology looks like this:
One main concentrator:

config setup
        nat_traversal=no
        interfaces="%defaultroute"
        syslog=daemon.error
        pluto=yes
        plutowait=no
        plutorestartoncrash=yes
        virtual_private=%4:172.16.0.0/12,%4:172.20.0.0/16,%4:172.21.0.0/16
        nhelpers=0
        fragicmp=no
        hidetos=yes
        uniqueids=yes
	protostack=klips
        myid=@vpn.dozynkowa
        oe=no

conn DOZ-to-SDC
        type=tunnel
        left=vpn.dozynkowa
                leftid = @vpn.dozynkowa
                leftsubnets={172.20.0.0/16 172.21.0.0/16}
                leftsourceip=172.20.0.17
                right=vpn.sdc
                rightid = @vpn.sdc
                rightsubnet=0.0.0.0/0
                rightnexthop=vpn.sdc
                rightupdown=/etc/ipsec.d/ipsec-routing.sh

conn DOZ-to-DYW
        type=tunnel
        left=vpn.dozynkowa
                leftid = @vpn.dozynkowa
                leftsubnets={172.20.0.0/16 172.21.0.0/16}
                leftsourceip=172.20.0.17
                right=vpn.dywizjonu
                rightid = @vpn.dywizjonu
                rightsubnet=0.0.0.0/0
                rightnexthop=vpn.dywizjonu
                rightupdown=/etc/ipsec.d/ipsec-routing.sh

I can establish both connections but I'm having packets lost - If client A is receiving icmp respones, than client B can't. After 10 packets sent, client B receives and client A don't.


Both are using  the same ipsec0 interface. Also i have tried to use

config setup
        interfaces="ipsec0=ppp0 ipsec1=ppp1"
But:

Sep 02 13:52:56 [pluto] added connection description "DOZ-to-SDC/1x0"
Sep 02 13:52:56 [pluto] added connection description "DOZ-to-SDC/2x0"
Sep 02 13:52:56 [pluto] added connection description "DOZ-to-DYW/1x0"
Sep 02 13:52:57 [pluto] added connection description "DOZ-to-DYW/2x0"
Sep 02 13:52:57 [pluto] listening for IKE messages
Sep 02 13:52:57 [pluto] ipsec interfaces ipsec1 and ipsec0 share same address 178.36.XX.YY
Sep 02 13:52:57 [pluto] no public interfaces found
Sep 02 13:52:57 [pluto] loading secrets from "/etc/ipsec.secrets"
Sep 02 13:52:57 [pluto] initiating all conns with alias='DOZ-to-SDC'
Sep 02 13:52:57 [pluto] "DOZ-to-SDC/2x0": We cannot identify ourselves with either end of this connection.
Sep 02 13:52:57 [pluto] "DOZ-to-SDC/1x0": We cannot identify ourselves with either end of this connection.
Sep 02 13:52:57 [pluto] initiating all conns with alias='DOZ-to-DYW'
Sep 02 13:52:57 [pluto] "DOZ-to-DYW/2x0": We cannot identify ourselves with either end of this connection.
Sep 02 13:52:57 [pluto] "DOZ-to-DYW/1x0": We cannot identify ourselves with either end of this connection.

Thank You for Reading.

Best Regards
-------------------
Wys³ano ze strony unreal.pl (http://unreal.pl)

More information about the Users mailing list