[Openswan Users] Multiple Connections

Elison Niven elison.niven at elitecore.com
Wed May 15 13:54:44 UTC 2013 

Hi,

Both your connections are essentially the same except for your left 
subnets.
You can combine them to a single connection and specify the leftsubnets 
parameter:

leftsubnets=172.28.130.1/24,172.28.101.1/24

Or you can use leftsubnet=172.28.0.0/16 and achieve the selective 
network access via iptables.

On Wednesday 15 May 2013 06:49:57 PM IST, Jeremy Schaeffer wrote:
> I cannot get multiple connections to work at the same time. If I
> connect them one at a time they work, but if one is connected, the
> second one kicks that one off and then they fight back and forth
> logging in and out. What am I missing? This worked a year ago but I
> stopped using it and I am now back to using it and something changed.
> I am using a newer version so maybe is a version thing. All the
> clients are dynamic addresses, using Netgear FVS318G units, server is
> static.  Here is the config -
>
> config setup
>         interfaces=%defaultroute
>         myid=@vpn.****.biz
>         nat_traversal=yes
>         oe=off
>         protostack=netkey
>         syslog=syslog.info
>         virtual_private=%v4:172.29.0.0/16
>         # Enable this if you see "failed to find any available worker"
>         # nhelpers=0
>
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/"
> and uncomment this.
> #include /etc/ipsec.d/*.conf
>
> conn VOIP-VPN
>         auth=esp
>         authby=secret
>         auto=add
>         dpdtimeout=30
>         dpddelay=60
>         dpdaction=clear
>         ike=3des-md5;modp1024
>         ikelifetime=8h
>         salifetime=8h
>         left=69.12.16.29
>         leftid=@vpn.****.biz
>         leftnexthop=69.12.16.29
>         leftsourceip=172.28.130.9
>         leftsubnet=172.28.130.1/24
>         pfs=yes
>         phase2alg=3des-md5;modp1024
>         right=%any
>         rightnexthop=%defaultroute
>         rightsubnet=vhost:%priv,%no
>
> conn Local-VPN
>         auth=esp
>         authby=secret
>         auto=add
>         dpdtimeout=30
>         dpddelay=60
>         dpdaction=clear
>         ike=3des-md5;modp1024
>         ikelifetime=8h
>         salifetime=8h
>         left=69.12.16.29
>         leftid=@vpn.****.biz
>         leftnexthop=69.12.16.29
>         leftsourceip=172.28.101.9
>         leftsubnet=172.28.101.1/24
>         pfs=yes
>         phase2alg=3des-md5;modp1024
>         right=%any
>         rightnexthop=%defaultroute
>         rightsubnet=vhost:%priv,%no
>
>
>   -- Jeremy
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>

--
Best Regards,
Elison Niven

More information about the Users mailing list