[Openswan Users] [openswan] cannot route -- route already in

Simon Deziel simon at xelerance.com
Sat Oct 18 15:41:45 EDT 2014 

Hi Ozai,

Both connections are using 192.168.3.0/24 as the remote net
(rightsubnet) which is why OpenSwan complains. Make sure each connection
uses the right remote net for each peer.

Regards,
Simon

On 10/18/2014 02:53 PM, ozai Tien wrote:
> Dear Sirs,
>  
> I want to establish 2 ipsec channels between these two as follows.
> 
> test1(openswan 162.18.22.80)-----------test2(openswan 162.18.22.81)
> test1(openswan 162.18.22.80)-----------test3(openswan 162.18.22.82)
> 
> The connection test1-test2 gets established without any problem.
> However, when the connection test1-test3 is setup, it gives following error:
> 
> 117 "test1-test3" #4: STATE_QUICK_I1: initiate
> 003 "test1-test3" #4: cannot route -- route already in use for "test1-test2"
> 032 "test1-test3" #4: STATE_QUICK_I1: internal error
> 
> Is it the routing issue?How do I check this question?Please help.
> Thank you very much.
>  
> Best Regards,
> Ozai
>  
> 
> # cat ipsec.conf
> config setup
>                 nat_traversal=no
>                 oe=off
>                 protostack=netkey
>                 interfaces=%defaultroute
>  
> conn test1-test2
>                 left=162.18.22.80
>                 leftsubnet=192.168.2.0/24 <http://192.168.2.0/24>
>                 rightsubnet=192.168.3.0/24 <http://192.168.3.0/24>
>                 connaddrfamily=ipv4
>                 right=162.18.22.81
>                 keyexchange=ike
>                 ike=3des-md5;modp1024!
>                 salifetime=480m
>                 phase2=esp
>                 phase2alg=3des-hmac_md5!;modp1024
>                 pfs=yes
>                 ikelifetime=60m
>                 type=tunnel
>                 authby=secret
>                 auto=add
>  
> conn test1-test3
>                 left=162.18.22.80
>                 leftsubnet=192.168.2.0/24 <http://192.168.2.0/24>
>                 rightsubnet=192.168.3.0/24 <http://192.168.3.0/24>
>                 connaddrfamily=ipv4
>                 right=162.18.22.82
>                 keyexchange=ike
>                 ike=3des-md5;modp1024!
>                 salifetime=480m
>                 phase2=esp
>                 phase2alg=3des-hmac_md5!;modp1024
>                 pfs=yes
>                 ikelifetime=60m
>                 type=tunnel
>                 authby=secret
>                 auto=add
> #
> # cat ipsec.secrets
> 162.18.22.80 162.18.22.81 : PSK "123"
> 162.18.22.80 162.18.22.82 : PSK "123"
> #
>  
> 
> 
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>

More information about the Users mailing list