On Mon, 13 Aug 2018, Kaushal Shriyan wrote:
Subject: [Swan] vti interface "vti01" already exists with conflicting setting
(perhaps need vti-sharing=yes
you can ignore that error for now. It is because we don't refcount the
connection instances.
Hi,
My route-based VPN config file is as below:
conn routedvpn
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=18.167.117.167
    leftnexthop=%defaultroute
    leftsubnet=18.167.117.167/32
    right=156.114.90.5
    rightsubnet=156.114.88.100/32
    ike=aes128-sha1;modp1024
    phase2alg=aes128-sha1;modp1024
    pfs=yes
    auto=start
    mark=5/0xffffffff
    vti-interface=vti01
    #vti-routing=yes
If you have just a single conn with subnets, why not use vti-routing=yes?
And you could add vti-sharing=no
Aug 12 14:59:19.628292: "routedvpn" #2: up-client output:
net.ipv4.conf.vti01.disable_policy = 1
Aug 12 14:59:19.630450: "routedvpn" #2: up-client output:
net.ipv4.conf.vti01.rp_filter = 0
Aug 12 14:59:19.632198: "routedvpn" #2: up-client output:
net.ipv4.conf.vti01.forwarding = 1
Aug 12 14:59:19.643601: "routedvpn" #2: prepare-client output: vti interface
"vti01" already exists with conflicting setting (perhaps need
vti-sharing=yes ?
So this error can be ignored.
Aug 12 14:59:19.657309: "routedvpn" #2: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP=>0xc75ae8bf <0x7ffa45f4
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
things worked, but without vti-routing=yes you would have to add your
own routes for 156.114.88.100 into the vti device.
paul
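
The manual-route case described in the reply above, as an added example that is not part of the original thread and not libreswan's own code: a shell helper that reads a conn block like the one posted and prints the `ip route` command needed when `vti-interface=` is set but `vti-routing=yes` is not. The function names `vti_manual_routes` and `sample_conf` are hypothetical, and the embedded config is a trimmed copy of the conn from the post.

```shell
#!/bin/sh
# Added example (not from the thread, not libreswan code).
# Prints, without executing, the route a conn needs when it uses
# vti-interface= but leaves vti-routing=yes unset or commented out.

vti_manual_routes() {
    # $1 = conn name; ipsec.conf text is read from stdin
    awk -v want="$1" '
        function emit() {
            if (name == want && dev != "" && subnet != "" && routing != "yes")
                printf "ip route replace %s dev %s\n", subnet, dev
        }
        /^[ \t]*#/     { next }                 # commented options are inactive
        /^config[ \t]/ { emit(); name = ""; next }
        /^conn[ \t]+/  { emit(); name = $2; dev = subnet = routing = ""; next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            if (key == "vti-interface")    dev = val
            else if (key == "rightsubnet") subnet = val
            else if (key == "vti-routing") routing = val
        }
        END { emit() }
    '
}

# Trimmed copy of the conn from the post, embedded so the script runs offline
sample_conf() {
    cat <<'EOF'
conn routedvpn
    left=%defaultroute
    right=156.114.90.5
    rightsubnet=156.114.88.100/32
    mark=5/0xffffffff
    vti-interface=vti01
    #vti-routing=yes
EOF
}

# Show the route that would have to be added by hand for this conn
sample_conf | vti_manual_routes routedvpn
```

With `vti-routing=yes` uncommented the function prints nothing, since the route into the vti device no longer has to be added by hand.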