[Openswan Users] [openswan] cannot route -- route already in
ozai Tien
ozai.tien at gmail.com
Sun Oct 19 02:09:53 EDT 2014
Hi Simon,
Thank's for your reply.
We would like to establish a failover/failback VPN environment.So we setup
the same VPN configuration.
In general,we work on tunnel1(test1-test2),Once the tunnel1 do not work,we
will setup the tunnel2(test1-test3) to replace the tunnel1.
In the meantime,we will check tunnel1 status.when the tunnel1 back.we will
transfer to tunnel1 and disconnect tunnel2.
In this case,Do you have any suggestions? Thank you very much.
Best Regards,
Ozai
2014-10-19 3:41 GMT+08:00 Simon Deziel <simon at xelerance.com>:
> Hi Ozai,
>
> Both connections are using 192.168.3.0/24 as the remote net
> (rightsubnet) which is why OpenSwan complains. Make sure each connection
> uses the right remote net for each peer.
>
> Regards,
> Simon
>
> On 10/18/2014 02:53 PM, ozai Tien wrote:
> > Dear Sirs,
> >
> > I want to establish 2 ipsec channels between these two as follows.
> >
> > test1(openswan 162.18.22.80)-----------test2(openswan 162.18.22.81)
> > test1(openswan 162.18.22.80)-----------test3(openswan 162.18.22.82)
> >
> > The connection test1-test2 gets established without any problem.
> > However, when the connection test1-test3 is setup, it gives following
> error:
> >
> > 117 "test1-test3" #4: STATE_QUICK_I1: initiate
> > 003 "test1-test3" #4: cannot route -- route already in use for
> "test1-test2"
> > 032 "test1-test3" #4: STATE_QUICK_I1: internal error
> >
> > Is it the routing issue?How do I check this question?Please help.
> > Thank you very much.
> >
> > Best Regards,
> > Ozai
> >
> >
> > # cat ipsec.conf
> > config setup
> > nat_traversal=no
> > oe=off
> > protostack=netkey
> > interfaces=%defaultroute
> >
> > conn test1-test2
> > left=162.18.22.80
> > leftsubnet=192.168.2.0/24 <http://192.168.2.0/24>
> > rightsubnet=192.168.3.0/24 <http://192.168.3.0/24>
> > connaddrfamily=ipv4
> > right=162.18.22.81
> > keyexchange=ike
> > ike=3des-md5;modp1024!
> > salifetime=480m
> > phase2=esp
> > phase2alg=3des-hmac_md5!;modp1024
> > pfs=yes
> > ikelifetime=60m
> > type=tunnel
> > authby=secret
> > auto=add
> >
> > conn test1-test3
> > left=162.18.22.80
> > leftsubnet=192.168.2.0/24 <http://192.168.2.0/24>
> > rightsubnet=192.168.3.0/24 <http://192.168.3.0/24>
> > connaddrfamily=ipv4
> > right=162.18.22.82
> > keyexchange=ike
> > ike=3des-md5;modp1024!
> > salifetime=480m
> > phase2=esp
> > phase2alg=3des-hmac_md5!;modp1024
> > pfs=yes
> > ikelifetime=60m
> > type=tunnel
> > authby=secret
> > auto=add
> > #
> > # cat ipsec.secrets
> > 162.18.22.80 162.18.22.81 : PSK "123"
> > 162.18.22.80 162.18.22.82 : PSK "123"
> > #
> >
> >
> >
> > _______________________________________________
> > Users at lists.openswan.org
> > https://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20141019/667c7c10/attachment.html>
More information about the Users
mailing list