[Swan] vti interface "vti01" already exists with conflicting setting (perhaps need vti-sharing=yes
Paul Wouters
paul at nohats.ca
Sun Aug 12 19:38:01 UTC 2018
On Mon, 13 Aug 2018, Kaushal Shriyan wrote:
> Subject: [Swan] vti interface "vti01" already exists with conflicting setting
> (perhaps need vti-sharing=yes
you can ignore that error for now. It is because we don't refcount the
connection instances.
> Hi,
> My routed based VPN Config file are as below
>
> conn routedvpn
>     type=tunnel
>     authby=secret
>     left=%defaultroute
>     leftid=18.167.117.167
>     leftnexthop=%defaultroute
>     leftsubnet=18.167.117.167/32
>     right=156.114.90.5
>     rightsubnet=156.114.88.100/32
>     ike=aes128-sha1;modp1024
>     phase2alg=aes128-sha1;modp1024
>     pfs=yes
>     auto=start
>     mark=5/0xffffffff
>     vti-interface=vti01
>     #vti-routing=yes
If you have just a single conn with subnets, why not use vti-routing=yes?
And you could add vti-sharing=no
> Aug 12 14:59:19.628292: "routedvpn" #2: up-client output: net.ipv4.conf.vti01.disable_policy = 1
> Aug 12 14:59:19.630450: "routedvpn" #2: up-client output: net.ipv4.conf.vti01.rp_filter = 0
> Aug 12 14:59:19.632198: "routedvpn" #2: up-client output: net.ipv4.conf.vti01.forwarding = 1
> Aug 12 14:59:19.643601: "routedvpn" #2: prepare-client output: vti interface "vti01" already exists with conflicting setting (perhaps need
> vti-sharing=yes ?
So this error can be ignored.
> Aug 12 14:59:19.657309: "routedvpn" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xc75ae8bf <0x7ffa45f4
> xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
things worked, but without vti-routing=yes you would have to add your
own routes for 156.114.88.100 into the vti device.
paul
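
The two options suggested in this reply, applied to the conn quoted above, as an added example that is not part of the original message. The manual route shown in the trailing comment is an assumed equivalent for the case where vti-routing stays off.

```conf
conn routedvpn
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=18.167.117.167
    leftnexthop=%defaultroute
    leftsubnet=18.167.117.167/32
    right=156.114.90.5
    rightsubnet=156.114.88.100/32
    ike=aes128-sha1;modp1024
    phase2alg=aes128-sha1;modp1024
    pfs=yes
    auto=start
    mark=5/0xffffffff
    vti-interface=vti01
    # Have the updown script add the route for rightsubnet into vti01
    vti-routing=yes
    # vti01 is used by this conn only, so it is not shared with other conns
    vti-sharing=no

# If vti-routing is left unset, the route into the vti device has to be
# added by hand once the tunnel is up (assumed command, not from the post):
#   ip route add 156.114.88.100/32 dev vti01
```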