On Fri, 24 Nov 2017, John Crisp wrote:
conn LibreToDHCP
    leftcert="LibreBackup"
    rightcert="Endian"
    auto=add
    left=%defaultroute
    leftid=%fromcert
    leftsourceip=192.168.100.1
    leftsubnet=192.168.100.0/24
    right=%any
    rightid=%fromcert
    rightsubnet=192.168.101.0/24

conn LibreToMain
    leftcert="LibreMain"
    rightcert="Endian"
    auto=add
    left=%defaultroute
    leftid=%fromcert
    leftsourceip=192.168.100.1
    leftsubnet=192.168.100.0/24
    right=1.2.3.4
    rightid=%fromcert
    rightsubnet=192.168.101.0/24

The issue here is that LibreToDHCP overlaps with LibreToMain because one has right=1.2.3.4 and the other has right=%any. But the IDs used are the same on both connections. Why can you not _only_ use the LibreToDHCP connection, since 1.2.3.4 can also be "any"? That way, the connection will see a second attempt as replacing the existing connection, and you won't get "eroute already in use".

Paul
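
Added example, not part of the original message and not libreswan's own matching logic: a simplified check over literal ipsec.conf option values that flags a conn with a fixed right= address when another conn with right=%any carries the same IDs and subnets, which is the overlap described above. The function names parse_conns and shadowed_by_any are hypothetical; the sample is constructed from the two conns quoted in the message.

```python
# Simplified heuristic on literal option values (an assumption of this example),
# not a reimplementation of how pluto selects a connection.

# Constructed sample: the two conns quoted in the message, options in common factored out.
COMMON = """\
    rightcert="Endian"
    auto=add
    left=%defaultroute
    leftid=%fromcert
    leftsourceip=192.168.100.1
    leftsubnet=192.168.100.0/24
    rightid=%fromcert
    rightsubnet=192.168.101.0/24
"""
SAMPLE = ('conn LibreToDHCP\n    leftcert="LibreBackup"\n    right=%any\n' + COMMON +
          'conn LibreToMain\n    leftcert="LibreMain"\n    right=1.2.3.4\n' + COMMON)

# Options that must match for the %any conn to stand in for the fixed-peer conn.
ID_KEYS = ("leftid", "rightid", "leftsubnet", "rightsubnet")

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def shadowed_by_any(conns):
    """Return (any_conn, fixed_conn) pairs where the %any conn also covers the fixed peer."""
    hits = []
    for wide, w in conns.items():
        if w.get("right") != "%any":
            continue
        for narrow, n in conns.items():
            fixed_peer = n.get("right") not in (None, "%any")
            if fixed_peer and all(w.get(k) == n.get(k) for k in ID_KEYS):
                hits.append((wide, narrow))
    return hits

if __name__ == "__main__":
    for wide, narrow in shadowed_by_any(parse_conns(SAMPLE)):
        print(f"{narrow}: same IDs and subnets as {wide}, whose right=%any covers its peer")
```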
