Hi Jean-Francois,
Although new ISAKMP and IPSEC SAs have been established, the SPD entries
are not updated (still pointing to the old IP address).
In the mean time I was able to trace this down. The problem is that
trying to add a new SPD entry fails with -EEXIST. This can
be fixed by
Package: isakmpd
Version: 20041012-1
Severity: normal
When using multiple tunnels between two peers, multiple SPIs are
established. However, only one SPI is used by isakmpd for all outgoing
traffic. This causes problems if the peer does check incoming packets
against IP addresses the SPI was
could you check who many tunnels are setup in the kernel, the right
number i believe. Does the selector (SPD) matches what's been negotiated
between openswan and isakmpd ?
Could you send me more details like the verbose log of isakmpd as well
as the dump of the sa and spd on both side ?
If the
Hi Jean-Francois,
could you check who many tunnels are setup in the kernel, the right
number i believe. Does the selector (SPD) matches what's been negotiated
between openswan and isakmpd ?
Looks like the original problem is not reproducable. It might have been a
side effect of the second
4 matches
Mail list logo
