Hi,
I’m trying to establish a failover VPN using different links but the same subnets:
Tunnel1: 192.168.100.1 <--> 192.168.200.1
172.16.20.0/24 <--> 172.16.10.0/24
Tunnel1: 192.168.300.1 <--> 192.168.400.1
172.16.20.0/24 <--> 172.16.10.0/24
If tunnel1 is down, the traffic between the subnets will go via tunnel2, and
when tunnel1 is up again, the traffic will go via tunnel1.
But when the second tunnel is up, I get the error message:
Jul 13 12:45:14 vm pluto[15813]: "tunnel2" #13: cannot install kernel policy -- it is in use for "tunnel1"
Jul 13 12:45:14 vm pluto[15813]: "tunnel2" #13: state transition function for STATE_QUICK_R0 had internal error
My configuration is:
conn tunnel1
    pfs=no
    type=tunnel
    auto=start
    ikev2=no
    phase2=esp
    authby=secret
    keyingtries=3
    ikelifetime=8h
    salifetime=8h
    left=192.168.100.1
    leftsubnet=172.16.20.0/24
    leftid=192.168.100.1
    right=192.168.200.1
    rightsubnet=172.16.10.0/24
    rightid=192.168.200.1
    dpddelay=30
    dpdtimeout=60
    dpdaction=hold

conn tunnel2
    pfs=no
    type=tunnel
    auto=start
    ikev2=no
    phase2=esp
    authby=secret
    keyingtries=3
    ikelifetime=8h
    salifetime=8h
    left=192.168.300.1
    leftsubnet=172.16.20.0/24
    leftid=192.168.300.1
    right=192.168.400.1
    rightsubnet=172.16.10.0/24
    rightid=192.168.400.1
    dpddelay=30
    dpdtimeout=60
    dpdaction=hold
I tried the libreswan git version, setting different priorities in the configuration,
but got the same result: the second tunnel is not up.
I installed from a Debian package using make deb.
Can’t it be done? Or should I avoid this setup and use a routing-based VPN?
Thanks
—
Saludos / Regards / Cumprimentos
António Silva