[Swan] releasing old connection to free the route
litauer at uni-koblenz.de
Mon Jan 24 15:18:56 EET 2022
I use libreswan 3.29 on Ubuntu 20.04.3 LTS.
Until now we had an L2TP setup using openswan 2.6.49 on Ubuntu 16.04.7. No problems, we had hundreds of users in parallel. Some of these users by accident use the same local IP address.
For security we have to upgrade to Ubuntu 20 and thus had to change to libreswan. Setup is nearly identical. But now we have a serious problem:
- User A uses local IP 192.168.55.45 behind NAT. Public IP is 188.8.131.52
- User B uses local IP 192.168.55.45 behind NAT. Public IP is 184.108.40.206
A starts the tunnel. As soon as B starts his tunnel, the tunnel for A is terminated and vice versa.
The log contains messages like this
Jan 24 13:50:18 l2tpnew pluto: "ikev1-nat" 220.127.116.11 #137: route to peer's client conflicts with "ikev1-nat" 18.104.22.168 22.214.171.124; releasing old connection to free the route
Jan 24 13:50:20 l2tpnew pluto: "ikev1-nat" 126.96.36.199 #138: route to peer's client conflicts with "ikev1-nat" 188.8.131.52 184.108.40.206; releasing old connection to free the route
We never had this kind of problem using 2.6.49. Seems as if it isn’t possible to use the same local IP in two connections, but this will happen very often in reality. Is there any help available?
Please don’t hesitate to ask for more logs or configuration files. As I am not very familiar with libreswan I didn’t know what would be of interest to solve the problem. Thanks a lot in advance!
Uni Koblenz, Computing Centre, Office A 022
Postfach 201602, 56016 Koblenz
Fon: +49 261 287-1311, Fax: -100 1311
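
An added example, not part of the original post: a small Python parser for the "releasing old connection to free the route" lines quoted above, which counts how often each pair of peers evicts the other so affected clients can be identified from the pluto log. The sample lines are constructed with documentation-range addresses, and the function names and threshold are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the post; the addresses
# are documentation-range placeholders, not the poster's.
SAMPLE_LOG = """\
Jan 24 13:50:18 l2tpnew pluto: "ikev1-nat" 198.51.100.7 #137: route to peer's client conflicts with "ikev1-nat" 203.0.113.9; releasing old connection to free the route
Jan 24 13:50:19 l2tpnew pluto: "ikev1-nat" 198.51.100.7 #137: unrelated line (constructed)
Jan 24 13:50:20 l2tpnew pluto: "ikev1-nat" 203.0.113.9 #138: route to peer's client conflicts with "ikev1-nat" 198.51.100.7; releasing old connection to free the route
Jan 24 13:52:41 l2tpnew pluto: "ikev1-nat" 198.51.100.7 #139: route to peer's client conflicts with "ikev1-nat" 203.0.113.9; releasing old connection to free the route
"""

# The optional [n] groups tolerate a PID after "pluto" and an instance
# number after the connection name (an assumption; the post shows neither).
CONFLICT = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spluto(?:\[\d+\])?:\s'
    r'"(?P<conn>[^"]+)"(?:\[\d+\])?\s(?P<new>\S+)\s#(?P<state>\d+):\s'
    r"route to peer's client conflicts with\s"
    r'"(?P<old_conn>[^"]+)"(?:\[\d+\])?\s(?P<old>[^;]+);\s'
    r'releasing old connection to free the route'
)

def parse_conflicts(text):
    """Return one dict per route-conflict eviction found in the log text."""
    events = []
    for line in text.splitlines():
        m = CONFLICT.match(line)
        if m:
            ev = m.groupdict()
            # The lines in the post list two addresses for the old peer.
            ev["old"] = ev["old"].split()
            events.append(ev)
    return events

def flapping_pairs(events, threshold=2):
    """Count evictions per unordered peer pair; return pairs >= threshold."""
    counts = Counter()
    for ev in events:
        for old in ev["old"]:
            if old != ev["new"]:  # same peer reconnecting is not a clash
                counts[frozenset((ev["new"], old))] += 1
    return {tuple(sorted(p)): n for p, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for pair, n in flapping_pairs(parse_conflicts(SAMPLE_LOG)).items():
        print(f"{pair[0]} <-> {pair[1]}: {n} evictions")
```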