[Swan] Error ”cannot install eroute” when rekey/reconnect from the same IP (for L2TP)

Antonio Silva asilva at wirelessmundi.com
Fri May 8 18:16:34 EEST 2015

Hi Paul,

Thanks for the tip and link.


On 05/08/2015 04:24 PM, Paul Wouters wrote:
> On Fri, 8 May 2015, Antonio Silva wrote:
>> Not sure if this apply to me, i saw this same error in my log, 
>> "cannot install eroute -- it is in use for "tunnel2-nat", when behind 
>> NAT i tried to connect simultaneous users with windows and l2tp/ipsec
>> I've installed libreswan 3.12.
>> Is this setup possible?
>> For openswan i found this 
>> https://lists.openswan.org/pipermail/users/2014-July/023037.html , 
>> but not sure if this apply to libreswan as well....
> Yes it does. But you should really try to not start L2TP/IPsec
> deployments anymore. That's really 1999.
> You should use IKev2 or IKEv1 XAUTH ("Cisco IPsec mode")
> The only client I know that does not support that without third party
> clients is WinXP.
> Please use XAUTH or IKEv2. If supporting mobile devices, the XAUTH will
> be easier to do:
> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH 
> Paul

António Silva

More information about the Swan mailing list