[Swan] Error "cannot install eroute" when rekey/reconnect from the same IP (for L2TP)
Antonio Silva
asilva at wirelessmundi.com
Fri May 8 18:16:34 EEST 2015
Hi Paul,
Thanks for the tip and link.
Regards,
António
On 05/08/2015 04:24 PM, Paul Wouters wrote:
> On Fri, 8 May 2015, Antonio Silva wrote:
>
>> Not sure if this applies to me, I saw this same error in my log,
>> "cannot install eroute -- it is in use for "tunnel2-nat", when behind
>> NAT I tried to connect simultaneous users with Windows and L2TP/IPsec
>>
>> I've installed libreswan 3.12.
>>
>> Is this setup possible?
>>
>> For openswan I found this
>> https://lists.openswan.org/pipermail/users/2014-July/023037.html ,
>> but not sure if this applies to libreswan as well....
>
> Yes it does. But you should really try to not start L2TP/IPsec
> deployments anymore. That's really 1999.
>
> You should use IKEv2 or IKEv1 XAUTH ("Cisco IPsec mode")
>
> The only client I know that does not support that without third party
> clients is WinXP.
>
> Please use XAUTH or IKEv2. If supporting mobile devices, the XAUTH will
> be easier to do:
>
> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
>
>
> Paul
--
---
António Silva