[Openswan Users] [openswan] cannot route -- route already in
Simon Deziel
simon at xelerance.com
Sun Oct 19 15:21:24 EDT 2014
On 10/19/2014 02:09 AM, ozai Tien wrote:
> We would like to establish a failover/failback VPN environment. So we
> set up the same VPN configuration.
> In general, we work on tunnel1 (test1-test2). Once tunnel1 does not
> work, we will set up tunnel2 (test1-test3) to replace tunnel1.
You can only "start" or "up" one tunnel at a time then. You probably
also want to look into enabling DPD on both tunnels.
> In the meantime, we will check tunnel1 status. When tunnel1 is back, we
> will transfer to tunnel1 and disconnect tunnel2.
You should check the connectivity to the peer IP (right=) to decide if
you should attempt a failover to the other tunnel.
Regards,
Simon
> In this case, do you have any suggestions? Thank you very much.
>
> Best Regards,
> Ozai
>
> 2014-10-19 3:41 GMT+08:00 Simon Deziel <simon at xelerance.com>:
>
> Hi Ozai,
>
> Both connections are using 192.168.3.0/24 as the remote net
> (rightsubnet) which is why OpenSwan complains. Make sure each connection
> uses the right remote net for each peer.
>
> Regards,
> Simon
>
> On 10/18/2014 02:53 PM, ozai Tien wrote:
> > Dear Sirs,
> >
> > I want to establish 2 ipsec channels between these two as follows.
> >
> > test1(openswan 162.18.22.80)-----------test2(openswan 162.18.22.81)
> > test1(openswan 162.18.22.80)-----------test3(openswan 162.18.22.82)
> >
> > The connection test1-test2 gets established without any problem.
> > However, when the connection test1-test3 is set up, it gives the following error:
> >
> > 117 "test1-test3" #4: STATE_QUICK_I1: initiate
> > 003 "test1-test3" #4: cannot route -- route already in use for "test1-test2"
> > 032 "test1-test3" #4: STATE_QUICK_I1: internal error
> >
> > Is it the routing issue? How do I check this question? Please help.
> > Thank you very much.
> >
> > Best Regards,
> > Ozai
> >
> >
> > # cat ipsec.conf
> > config setup
> >     nat_traversal=no
> >     oe=off
> >     protostack=netkey
> >     interfaces=%defaultroute
> >
> > conn test1-test2
> >     left=162.18.22.80
> >     leftsubnet=192.168.2.0/24
> >     rightsubnet=192.168.3.0/24
> >     connaddrfamily=ipv4
> >     right=162.18.22.81
> >     keyexchange=ike
> >     ike=3des-md5;modp1024!
> >     salifetime=480m
> >     phase2=esp
> >     phase2alg=3des-hmac_md5!;modp1024
> >     pfs=yes
> >     ikelifetime=60m
> >     type=tunnel
> >     authby=secret
> >     auto=add
> >
> > conn test1-test3
> >     left=162.18.22.80
> >     leftsubnet=192.168.2.0/24
> >     rightsubnet=192.168.3.0/24
> >     connaddrfamily=ipv4
> >     right=162.18.22.82
> >     keyexchange=ike
> >     ike=3des-md5;modp1024!
> >     salifetime=480m
> >     phase2=esp
> >     phase2alg=3des-hmac_md5!;modp1024
> >     pfs=yes
> >     ikelifetime=60m
> >     type=tunnel
> >     authby=secret
> >     auto=add
> > #
> > # cat ipsec.secrets
> > 162.18.22.80 162.18.22.81 : PSK "123"
> > 162.18.22.80 162.18.22.82 : PSK "123"
> > #
> >
> >
> >
> > _______________________________________________
> > Users at lists.openswan.org
> > https://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
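The conflict Simon diagnoses in the quoted reply (two connections with the same rightsubnet towards different peers) can be checked before a configuration is loaded. The following is an added example, not part of the original thread and not Openswan code: the function names parse_conns and route_conflicts are hypothetical, the parser is simplified (it ignores also= and include), and the sample is constructed from the configuration quoted above.

```python
import ipaddress
from itertools import combinations

# Constructed sample, reduced from the configuration quoted in the thread.
SAMPLE = """\
config setup
    protostack=netkey

conn test1-test2
    left=162.18.22.80
    leftsubnet=192.168.2.0/24
    right=162.18.22.81
    rightsubnet=192.168.3.0/24

conn test1-test3
    left=162.18.22.80
    leftsubnet=192.168.2.0/24
    right=162.18.22.82
    rightsubnet=192.168.3.0/24
"""

def parse_conns(text):
    """Return {conn name: {key: value}}; simplified, ignores also= and include."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():            # section header starts at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def route_conflicts(conns):
    """Pairs of conns with overlapping subnet selectors but different right= peers."""
    sel = {n: (c.get("right"), ipaddress.ip_network(c["leftsubnet"], strict=False),
               ipaddress.ip_network(c["rightsubnet"], strict=False))
           for n, c in conns.items() if "leftsubnet" in c and "rightsubnet" in c}
    return [(a, b) for (a, x), (b, y) in combinations(sorted(sel.items()), 2)
            if x[0] != y[0] and x[1].overlaps(y[1]) and x[2].overlaps(y[2])]

if __name__ == "__main__":
    for a, b in route_conflicts(parse_conns(SAMPLE)):
        print(f"{a} and {b} claim the same traffic; only one can be routed at a time")
```

For a failover pair the overlap is intended, so a reported pair marks connections that can only be brought up one at a time.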