[Swan] vti interface "vti01" already exists with conflicting setting (perhaps need vti-sharing=yes

Kaushal Shriyan kaushalshriyan at gmail.com
Sun Aug 12 18:38:36 UTC 2018 

Hi,

My routed based VPN Config file are as below

conn routedvpn
      type=tunnel
authby=secret
left=%defaultroute
leftid=18.167.117.167
        leftnexthop=%defaultroute
leftsubnet=18.167.117.167/32
right=156.114.90.5
rightsubnet=156.114.88.100/32
        ike=aes128-sha1;modp1024
        phase2alg=aes128-sha1;modp1024
        pfs=yes
        auto=start
mark=5/0xffffffff
        vti-interface=vti01
        #vti-routing=yes


I am facing the below issue

Aug 12 14:59:19.581257: added connection description "routedvpn"
Aug 12 14:59:19.581409: listening for IKE messages
Aug 12 14:59:19.581476: adding interface eth0/eth0 10.0.1.13:500
Aug 12 14:59:19.581497: adding interface eth0/eth0 10.0.1.13:4500
Aug 12 14:59:19.581532: adding interface lo/lo 127.0.0.1:500
Aug 12 14:59:19.581547: adding interface lo/lo 127.0.0.1:4500
Aug 12 14:59:19.581600: | setup callback for interface lo:4500 fd 19
Aug 12 14:59:19.581608: | setup callback for interface lo:500 fd 18
Aug 12 14:59:19.581613: | setup callback for interface eth0:4500 fd 17
Aug 12 14:59:19.581618: | setup callback for interface eth0:500 fd 16
Aug 12 14:59:19.581645: loading secrets from "/etc/ipsec.secrets"
Aug 12 14:59:19.581684: loading secrets from "/etc/ipsec.d/routed.secrets"
Aug 12 14:59:19.581890: "routedvpn" #1: initiating Main Mode
Aug 12 14:59:19.589574: "routedvpn" #1: STATE_MAIN_I2: sent MI2, expecting
MR2
Aug 12 14:59:19.597377: "routedvpn" #1: ignoring unknown Vendor ID payload
[381bf43a6998ec74fb66b898fef90758]
Aug 12 14:59:19.598044: "routedvpn" #1: STATE_MAIN_I3: sent MI3, expecting
MR3
Aug 12 14:59:19.605496: "routedvpn" #1: Peer ID is ID_IPV4_ADDR:
'156.154.90.5'
Aug 12 14:59:19.605710: "routedvpn" #1: STATE_MAIN_I4: ISAKMP SA
established {auth=PRESHARED_KEY cipher=aes_128 integ=sha group=MODP1024}
Aug 12 14:59:19.605737: "routedvpn" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#1 msgid:e53c2990 proposal=AES_CBC_128-HMAC_SHA1_96-MODP1024
pfsgroup=MODP1024}
Aug 12 14:59:19.615011: "routedvpn" #2: ignoring informational payload
IPSEC_RESPONDER_LIFETIME, msgid=e53c2990, length=28
Aug 12 14:59:19.615023: | ISAKMP Notification Payload
Aug 12 14:59:19.615026: |   00 00 00 1c  00 00 00 01  03 04 60 00
Aug 12 14:59:19.628292: "routedvpn" #2: up-client output:
net.ipv4.conf.vti01.disable_policy = 1
Aug 12 14:59:19.630450: "routedvpn" #2: up-client output:
net.ipv4.conf.vti01.rp_filter = 0
Aug 12 14:59:19.632198: "routedvpn" #2: up-client output:
net.ipv4.conf.vti01.forwarding = 1
Aug 12 14:59:19.643601: "routedvpn" #2: prepare-client output: vti
interface "vti01" already exists with conflicting setting (perhaps need
vti-sharing=yes ?
Aug 12 14:59:19.657309: "routedvpn" #2: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP=>0xc75ae8bf <0x7ffa45f4
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
Aug 12 15:01:20.635652: shutting down
Aug 12 15:01:20.635715: forgetting secrets

I will appreciate if anyone can let me know the cause of the issue.

Best Regards,

Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180813/8c17cfd5/attachment.html>

More information about the Swan mailing list