I tried to set up 2 IPSec tunnels to a remote site with the same protected
networks. Only one tunnel can be fully set up. The other one got the following
error message:
Jul 13 21:58:48.166338: "MPLS_Group_2" #26: cannot route -- route already in use for "MPLS_Group_1"
Jul 13 21:58:48.166352: "MPLS_Group_2" #26: encountered fatal error in state STATE_PARENT_I2

Is this use case supported in libreswan? If yes, what do I need to do? I am
using Libreswan 3.32.

My side's config:
conn MPLS_Group_1
        left=10.0.0.6
        leftsubnet=10.0.0.0/16

        right=10.104.0.100
        rightsubnet=10.104.0.0/16

        authby=secret
        nat-keepalive=yes
        auto=start
        rekey=yes
        ikev2=yes
        ike=aes128-sha2;dh5
        ikelifetime=3600
        dpdtimeout=300
        dpddelay=15
        phase2=esp
        phase2alg=aes_gcm256-null
        pfs=no
        salifetime=86400

conn MPLS_Group_2
        left=10.0.0.6
        leftsubnet=10.0.0.0/16

        right=10.104.0.101
        rightsubnet=10.104.0.0/16

        authby=secret
        nat-keepalive=yes
        auto=start
        rekey=yes
        ikev2=yes
        ike=aes128-sha2;dh5
        ikelifetime=3600
        dpdtimeout=300
        dpddelay=15
        phase2=esp
        phase2alg=aes_gcm256-null
        pfs=no
        salifetime=86400


Remote site is 2 VMs, each has StrongSwan running.
Config on VM1:
conn talari
        left=10.104.0.101
        leftid=10.104.0.101
        leftsubnet=10.104.1.0/16
        leftauth=psk

        right=10.0.0.6
        rightid=10.0.0.6
        rightsubnet=10.0.0.0/16
        rightauth=psk
        auto=start
        ike=aes128-sha1-modp1536
        esp=aes256gcm16

Config on VM2:
conn talari
        left=10.104.0.100
        leftid=10.104.0.100
        leftsubnet=10.104.1.0/16
        leftauth=psk

        right=10.0.0.6
        rightid=10.0.0.6
        rightsubnet=10.0.0.0/16
        rightauth=psk
        auto=start
        ike=aes128-sha1-modp1536
        esp=aes256gcm16


Thanks,
Wei