[Swan] Error "cannot install eroute" when rekey/reconnect from the same IP (for L2TP)

Paul Wouters paul at nohats.ca
Fri May 8 17:24:35 EEST 2015


On Fri, 8 May 2015, Antonio Silva wrote:

> Not sure if this applies to me, I saw this same error in my log, "cannot
> install eroute -- it is in use for "tunnel2-nat", when behind NAT I tried to
> connect simultaneous users with Windows and L2TP/IPsec
>
> I've installed libreswan 3.12.
>
> Is this setup possible?
>
> For Openswan I found this
> https://lists.openswan.org/pipermail/users/2014-July/023037.html , but not
> sure if this applies to libreswan as well....

Yes it does. But you should really try to not start L2TP/IPsec
deployments anymore. That's really 1999.

You should use IKEv2 or IKEv1 XAUTH ("Cisco IPsec mode").

The only client I know that does not support that without third party
clients is WinXP.

Please use XAUTH or IKEv2. If supporting mobile devices, the XAUTH will
be easier to do:

https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH

Paul

