[squid-users] Two tunnels, one leftsubnet and two rightsubnets

From: Diego Woitasen <diego_at_woitasen.com.ar>
Date: Fri, 2 Sep 2011 15:08:18 -0300

Hi,
 We've been using the following scenario for years.

- Two Openswan VPN concentrators.
- 260 Openswan endpoints.
- tunnel, subnet-to-subnet.
- The same subnet behind the concentrators. 10.0.0.0/8
- Two subnets behind the endpoints: for example: 10.12.160.0/24 and
10.22.160.0/24
- Two tunnels simultaneously from every endpoint to every concentrator.
- A fragment of the configuration of every endpoint is:

conn gw1
        ip=5.6.7.8
        leftsubnet=10.0.0.0/8
        rightsubnet=10.12.160.0/24

conn gw2
        ip=1.2.3.4
        leftsubnet=10.0.0.0/8
        rightsubnet=10.22.160.0/24

This doesn't work anymore with Openswan 2.6.35 using KLIPS or NETKEY
(Debian Squeeze, kernel 2.6.32). Openswan complains with "cannot route
-- route already in use for...". We keep the tunnels running all the
time to switch from one tunnel to another in case of failure and
sometimes we send traffic via one tunnel or another. The switch is
done with source nat (using Iptables NETMAP).

Why doesn't this work anymore? Is this intentional?

Regards,
 Diego

-- 
Diego Woitasen
Received on Fri Sep 02 2011 - 18:08:24 MDT
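As an added example (not part of Diego's post and not Openswan code), the following Python checker reads ipsec.conf-style conn sections and reports pairs of conns whose remote subnet overlaps while the peer gateway differs. That is the shape of the configuration above: both conns route 10.0.0.0/8, one via each concentrator, and a kernel can hold only one route for that destination, which is what the "route already in use" complaint points at. Assumptions made here: the fragment is read from the endpoint's point of view, so leftsubnet is the remote side that needs a route; the post's ip= key is treated as the peer address (a real ipsec.conf would use left=/right=); the function names parse_conns and route_conflicts and the sample configs are constructed for this example.

```python
# Added example, not from the mailing-list post or from Openswan.
# Lint ipsec.conf-style conn sections for remote subnets that would need
# kernel routes to the same destination through different peers.
import ipaddress

# Constructed sample mirroring the fragment in the post. The "ip=" key is
# taken as the peer gateway address (assumption; real ipsec.conf uses
# left=/right= for the endpoint addresses).
SAMPLE_CONF = """
conn gw1
        ip=5.6.7.8
        leftsubnet=10.0.0.0/8
        rightsubnet=10.12.160.0/24

conn gw2
        ip=1.2.3.4
        leftsubnet=10.0.0.0/8
        rightsubnet=10.22.160.0/24
"""

# Constructed variant where each tunnel covers a disjoint half of 10/8,
# so no two conns compete for the same route.
SAMPLE_SPLIT_CONF = """
conn gw1
        ip=5.6.7.8
        leftsubnet=10.0.0.0/9
        rightsubnet=10.12.160.0/24

conn gw2
        ip=1.2.3.4
        leftsubnet=10.128.0.0/9
        rightsubnet=10.22.160.0/24
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text.

    Only 'conn NAME' headers and indented key=value lines are understood;
    blank lines and '#' comments are skipped.
    """
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("conn "):
            current = line.split(None, 1)[1].strip()
            conns[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            conns[current][key.strip()] = value.strip()
    return conns


def route_conflicts(conns, remote_key="leftsubnet", peer_key="ip"):
    """Find pairs of conns whose remote subnets overlap but whose peers differ.

    remote_key names the subnet the local kernel must route towards the peer
    (assumed to be leftsubnet when the config is the endpoint's view);
    peer_key names the peer gateway address (the post's 'ip' key, assumed).
    Returns a list of (conn_a, conn_b, subnet_a, subnet_b) tuples in
    configuration order; an empty list means no competing routes.
    """
    entries = []
    for name, kv in conns.items():
        if remote_key in kv and peer_key in kv:
            subnet = ipaddress.ip_network(kv[remote_key], strict=False)
            entries.append((name, subnet, kv[peer_key]))
    conflicts = []
    for i, (name_a, net_a, peer_a) in enumerate(entries):
        for name_b, net_b, peer_b in entries[i + 1:]:
            # Same peer would reuse the same next hop; only differing peers
            # with overlapping destinations compete for one kernel route.
            if peer_a != peer_b and net_a.overlaps(net_b):
                conflicts.append((name_a, name_b, str(net_a), str(net_b)))
    return conflicts


if __name__ == "__main__":
    for label, conf in (("post fragment", SAMPLE_CONF),
                        ("split subnets", SAMPLE_SPLIT_CONF)):
        found = route_conflicts(parse_conns(conf))
        print(label, "->", found if found else "no competing routes")
```

Run against the post's fragment it reports gw1 and gw2 competing for 10.0.0.0/8; against the split variant it reports nothing, which illustrates one way a pair of always-up tunnels can coexist at the route level (disjoint remote subnets per tunnel) as opposed to steering traffic between two identical routes with NAT.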
