[Swan] Multiple Route-based VPNs between identical peers

Paul Wouters paul at nohats.ca
Tue Jan 31 19:57:45 UTC 2017


On Tue, 31 Jan 2017, Craig Marker wrote:

> I’m trying to set up multiple IPSec VTIs between two peers, but I haven’t been able to have both connections up at the
> same time.
> I have two Linux boxes on my local network that I’m trying to configure to connect to a single AWS instance. The
> route-based VPN functionality works great when there is only one tunnel present, but fails where there are two. Of
> note, the negotiation succeeds,

Are you using different mark= values for the different conns, as well as
a different vti name for the interface?

> however, I’m only able to ping across one of the tunnels.

This might be just related to how you ping. If not specifying ping -I,
you might just be using the source IP of one of your two tunnels?

> I’ve played around with a handful of configuration options to no avail. ‘vti-shared=yes’ doesn’t give me the
> functionality I need — I want unique tunnels for each connection.

It should just work.

Paul
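
The check asked about in the reply above (a different mark= value and a different VTI interface name for each conn), written as an added example that is not part of the original message or of libreswan. The conn names and addresses in the sample are constructed; mark=, vti-interface= and vti-shared= are libreswan ipsec.conf options, and the parser assumes the usual layout of a "conn" header followed by indented key=value lines, without resolving also= or %default inheritance.

```python
from collections import defaultdict

# Constructed sample: two VTI conns that reuse the same mark and interface name.
SAMPLE_CONF = """\
conn aws-tunnel-a
    left=192.0.2.10
    right=203.0.113.5
    mark=5/0xffffffff
    vti-interface=vti01
    vti-shared=no

conn aws-tunnel-b
    left=192.0.2.11
    right=203.0.113.5
    mark=5/0xffffffff      # same mark as aws-tunnel-a
    vti-interface=vti01    # same interface as aws-tunnel-a
    vti-shared=no
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def vti_collisions(conns):
    """List (option, value, [conns]) where VTI conns reuse mark= or vti-interface=.
    Values are compared exactly as written in the file."""
    seen = defaultdict(list)
    for name, opts in conns.items():
        if "vti-interface" not in opts:        # only route-based (VTI) conns
            continue
        for key in ("mark", "vti-interface"):
            if key in opts:
                seen[(key, opts[key])].append(name)
    return [(k, v, names) for (k, v), names in sorted(seen.items()) if len(names) > 1]

if __name__ == "__main__":
    for key, value, names in vti_collisions(parse_conns(SAMPLE_CONF)):
        print(f"{key}={value} is shared by: {', '.join(names)}")
```
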

