On Tue, 31 Jan 2017, Craig Marker wrote:
> I’m trying to set up multiple IPSec VTIs between two peers, but I haven’t been able to have both connections up at the same time. I have two Linux boxes on my local network that I’m trying to configure to connect to a single AWS instance. The route-based VPN functionality works great when there is only one tunnel present, but fails where there are two. Of note, the negotiation succeeds,
Are you using different mark= values for the different conns, as well as a different vti name for the interface?
> however, I’m only able to ping across one of the tunnels.
This might be just related to how you ping. If not specifying ping -I, you might just be using the source IP of one of your two tunnels?
> I’ve played around with a handful of configuration options to no avail. ‘vti-shared=yes’ doesn’t give me the functionality I need — I want unique tunnels for each connection.
It should just work.

Paul
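A small check for the point raised in the reply above (a distinct mark= and vti-interface= per conn), added here as an example and not part of the original thread. The conn names, addresses and option values in the sample configuration are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample of the AWS-side ipsec.conf with two route-based conns.
# Conn names, addresses and values are placeholders, not from the thread.
SAMPLE_CONF = """
conn to-box1
    left=%defaultroute
    right=198.51.100.10
    mark=5/0xffffffff
    vti-interface=vti01
    vti-shared=no

conn to-box2
    left=%defaultroute
    right=198.51.100.20
    mark=6/0xffffffff
    vti-interface=vti02
    vti-shared=no
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():              # section header, e.g. "conn x"
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def find_collisions(conns, options=("mark", "vti-interface")):
    """List (option, value, [conn names]) where two or more conns share a value."""
    seen = defaultdict(list)
    for name, opts in conns.items():
        for opt in options:
            if opt in opts:
                seen[(opt, opts[opt])].append(name)
    return [(o, v, sorted(n)) for (o, v), n in sorted(seen.items()) if len(n) > 1]

if __name__ == "__main__":
    for opt, value, names in find_collisions(parse_conns(SAMPLE_CONF)):
        print(f"{opt}={value} is shared by: {', '.join(names)}")
```

Values are compared as literal strings, so `mark=5` and `mark=5/0xffffffff` are treated as different; conns that intentionally share an interface with vti-shared=yes will be reported too.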
