> Are you using different mark= values for the different conns, as well as
> a different vti name for the interface?

I have unique marks on each individual connection. I also have unique interface 
names for each connection.

> This might be just related to how you ping. If not specifying ping -I,
> you might just be using the source ip of one of your two tunnels?

I’ve played around with that, and it hasn’t worked for me. I just tried it
again. When I ping from the AWS instance, the pings are received by each host
and replies are sent. However, only the ping replies from the host with the
tunnel that was connected most recently are received back by the AWS instance.

> On Jan 31, 2017, at 11:57 AM, Paul Wouters <[email protected]> wrote:
> 
> On Tue, 31 Jan 2017, Craig Marker wrote:
> 
>> I’m trying to set up multiple IPSec VTIs between two peers, but I haven’t
>> been able to have both connections up at the same time.
>> I have two Linux boxes on my local network that I’m trying to configure to
>> connect to a single AWS instance. The route-based VPN functionality works
>> great when there is only one tunnel present, but fails when there are two.
>> Of note, the negotiation succeeds,
> 
> Are you using different mark= values for the different conns, as well as
> a different vti name for the interface?
> 
>> however, I’m only able to ping across one of the tunnels.
> 
> This might be just related to how you ping. If not specifying ping -I,
> you might just be using the source ip of one of your two tunnels?
> 
>> I’ve played around with a handful of configuration options to no avail.
>> ‘vti-shared=yes’ doesn’t give me the functionality I need — I want unique
>> tunnels for each connection.
> 
> It should just work.
> 
> Paul
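As an added illustration of the setup Paul asks about (a distinct mark= and a distinct vti-interface= per conn, with vti-shared=no), here is a constructed ipsec.conf fragment for the single peer that terminates both tunnels. It is not configuration from this thread; the conn names, addresses and mark values are placeholders chosen for the example.

```ini
# Constructed example, not from the thread: ipsec.conf on the peer that
# terminates two route-based tunnels to two different remote hosts.
# Every address, conn name and mark value below is a placeholder.

conn vti-host-a
    left=%defaultroute
    right=203.0.113.10            # placeholder: first remote box
    leftsubnet=0.0.0.0/0          # route-based: policy covers everything,
    rightsubnet=0.0.0.0/0         # routing decides what enters the tunnel
    authby=secret
    auto=start
    mark=5/0xffffffff             # unique per conn; selects this tunnel's SAs
    vti-interface=vti01           # unique per conn; one device per tunnel
    vti-shared=no                 # this device is not shared with other conns
    vti-routing=no                # routes are managed outside libreswan
    leftvti=10.100.1.1/30         # placeholder: address on vti01

conn vti-host-b
    left=%defaultroute
    right=203.0.113.20            # placeholder: second remote box
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    authby=secret
    auto=start
    mark=6/0xffffffff             # different mark from vti-host-a
    vti-interface=vti02           # different interface from vti-host-a
    vti-shared=no
    vti-routing=no
    leftvti=10.100.2.1/30         # placeholder: address on vti02
```

With vti-routing=no, a route to each remote host's network is added by hand via its own device (for example `ip route add <placeholder-prefix> dev vti01`). To confirm the two tunnels really are separated, `ip -d link show vti01` and `ip -d link show vti02` should report different ikey/okey values that correspond to the two marks, and `ip xfrm policy` should list the policies for each peer with a different mark. Pinging each remote side with `ping -I` pinned to the matching vti address exercises one tunnel at a time, which is the check Paul suggests above for telling a routing problem apart from a tunnel problem.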

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
