[Openswan Users] cannot route -- route already in use
krzysztof.marcinowicz at gmail.com
Mon Apr 27 13:19:10 EDT 2015
I'm trying to interconnect two AWS VPCs in different regions.
On one side (let's say in Ireland) I want to have an EC2 instance with
software VPN while on the other side (let's say in Oregon) I want to use
AWS hardware VPN which provides two tunnels for high availability.
I have a problem with setting up two tunnels on the software VPN side that run
at the same time. Both tunnels point to the same CIDR (subnet) as their remote
subnet, which seems to be a problem for OpenSwan/IPsec - while the first
tunnel is already running, an attempt to set up the second tunnel
ipsec auto --up tunnel-2
117 "tunnel-2" #3: STATE_QUICK_I1: initiate
003 "tunnel-2" #3: cannot route -- route already in use for "tunnel-1"
032 "tunnel-2" #3: STATE_QUICK_I1: internal error
Let me define what IPs and CIDRs I have on both sides:
Software VPN side (Ireland):
<I-EIP> // elastic/public IP address
<I-CIDR> // subnet CIDR
AWS VPN side (Oregon):
<O-CIDR> // subnet CIDR
<O-outside-VPG-1> // outside IP of Virtual Private Gateway
<O-inside-VPG-1> // inside IP of Virtual Private Gateway
<O-inside-CG-1> // inside IP of Customer Gateway
<O-outside-VPG-2> // outside IP of Virtual Private Gateway
<O-inside-VPG-2> // inside IP of Virtual Private Gateway
<O-inside-CG-2> // inside IP of Customer Gateway
And IPsec configuration:
Has someone already done something similar?
Any idea how to overcome this issue?
I found nearly no information on that except the following comment:
Both connections are using 192.168.3.0/24 as the remote net
(rightsubnet) which is why OpenSwan complains. Make sure each connection
uses the right remote net for each peer.
I’ll be thankful if you could help me to explain that issue.
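
The comment quoted in the post attributes the error to two connections naming the same remote net (rightsubnet). The following is an added example, not part of the original post: it parses ipsec.conf-style text and reports every pair of conn sections whose rightsubnet values overlap. The sample configuration, its connection names and its addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample in ipsec.conf layout; names and addresses are made up.
SAMPLE_CONF = """\
conn tunnel-1
    left=%defaultroute
    right=203.0.113.10
    leftsubnet=10.1.0.0/16
    rightsubnet=10.2.0.0/16   # remote VPC

conn tunnel-2
    left=%defaultroute
    right=203.0.113.20
    leftsubnet=10.1.0.0/16
    rightsubnet=10.2.0.0/16

conn office
    right=198.51.100.5
    rightsubnet=192.168.3.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def overlapping_remote_subnets(text):
    """List (conn_a, conn_b, net_a, net_b) where rightsubnet values overlap."""
    nets = {name: ipaddress.ip_network(opts["rightsubnet"], strict=False)
            for name, opts in parse_conns(text).items()
            if name != "%default" and "rightsubnet" in opts}
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in combinations(sorted(nets), 2)
            if nets[a].version == nets[b].version and nets[a].overlaps(nets[b])]

if __name__ == "__main__":
    for a, b, na, nb in overlapping_remote_subnets(SAMPLE_CONF):
        print(f"{a} and {b}: remote nets {na} and {nb} overlap")
```
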