[Swan] Multiple Route-based VPNs between identical peers
Paul Wouters
paul at nohats.ca
Tue Jan 31 19:57:45 UTC 2017
On Tue, 31 Jan 2017, Craig Marker wrote:
> I’m trying to set up multiple IPSec VTIs between two peers, but I haven’t been able to have both connections up at the same time.
> I have two Linux boxes on my local network that I’m trying to configure to connect to a single AWS instance. The route-based VPN functionality works great when there is only one tunnel present, but fails when there are two. Of note, the negotiation succeeds,
Are you using different mark= values for the different conns, as well as
a different vti name for the interface?
> however, I’m only able to ping across one of the tunnels.
This might be just related to how you ping. If not specifying ping -I,
you might just be using the source ip of one of your two tunnels?
> I’ve played around with a handful of configuration options to no avail. ‘vti-shared=yes’ doesn’t give me the functionality I need — I want unique tunnels for each connection.
It should just work.
Paul
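
A check for the two settings asked about in the reply above, as an added example that is not part of the original message or of libreswan: it parses ipsec.conf text and reports conns that reuse a mark= or vti-interface= value. The conn names, addresses and helper names (parse_conns, vti_collisions) are constructed for illustration, and values are compared as written.

```python
import re
from collections import defaultdict

# Constructed ipsec.conf text: documentation addresses, made-up conn names.
TEMPLATE = """\
conn aws-box1
    left=198.51.100.20
    right=192.0.2.10
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    mark=5/0xffffffff
    vti-interface=vti01

conn aws-box2
    left=198.51.100.20
    right=192.0.2.11
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    mark={mark}
    vti-interface={vti}
"""

def parse_conns(text):
    """Return {conn name: {option: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
        elif not line[0].isspace():
            current = None  # some other section, e.g. "config setup"
    return conns

def vti_collisions(conns):
    """Map (option, value) -> conn names for mark/vti-interface values used twice."""
    users = defaultdict(list)
    for name, opts in conns.items():
        for option in ("mark", "vti-interface"):
            if option in opts:
                users[(option, opts[option].lower())].append(name)
    return {k: v for k, v in users.items() if len(v) > 1}

if __name__ == "__main__":
    for mark, vti in (("5/0xffffffff", "vti01"), ("6/0xffffffff", "vti02")):
        print(mark, vti, vti_collisions(parse_conns(TEMPLATE.format(mark=mark, vti=vti))))
```

An empty result means every VTI conn has its own mark and its own interface name.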