[Swan] Error "cannot install eroute" when rekey/reconnect from the same IP (for L2TP)
Paul Wouters
paul at nohats.ca
Fri May 8 17:24:35 EEST 2015
On Fri, 8 May 2015, Antonio Silva wrote:
> Not sure if this applies to me, I saw this same error in my log, "cannot
> install eroute -- it is in use for "tunnel2-nat", when behind NAT I tried to
> connect simultaneous users with Windows and l2tp/ipsec
>
> I've installed libreswan 3.12.
>
> Is this setup possible?
>
> For openswan I found this
> https://lists.openswan.org/pipermail/users/2014-July/023037.html , but not
> sure if this applies to libreswan as well....

Yes it does. But you should really try to not start L2TP/IPsec
deployments anymore. That's really 1999.

You should use IKEv2 or IKEv1 XAUTH ("Cisco IPsec mode").
The only client I know that does not support that without third party
clients is WinXP.
Please use XAUTH or IKEv2. If supporting mobile devices, the XAUTH will
be easier to do:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
Paul