[Swan] Failover VPN subnet to subnet using different links
antonio
asilva at wirelessmundi.com
Thu Jul 13 19:11:39 EEST 2023
Hi,
I’m trying to establish a failover vpn using different links but same subnets:
Tunnel1: 192.168.100.1 <--> 192.168.200.1
172.16.20.0/24 <--> 172.16.10.0/24
Tunnel1: 192.168.300.1 <--> 192.168.400.1
172.16.20.0/24 <--> 172.16.10.0/24
If tunnel1 is down, the traffic between the subnets will go via tunnel2, and when tunnel1 is up again, the traffic will go via tunnel1.
But when the second tunnel is up, I get the error message:
Jul 13 12:45:14 vm pluto[15813]: "tunnel2" #13: cannot install kernel policy -- it is in use for "tunnel1"
Jul 13 12:45:14 vm pluto[15813]: "tunnel2" #13: state transition function for STATE_QUICK_R0 had internal error
My configuration is:
conn tunnel1
    pfs=no
    type=tunnel
    auto=start
    ikev2=no
    phase2=esp
    authby=secret
    keyingtries=3
    ikelifetime=8h
    salifetime=8h
    left=192.168.100.1
    leftsubnet=172.16.20.0/24
    leftid=192.168.100.1
    right=192.168.200.1
    rightsubnet=172.16.10.0/24
    rightid=192.168.200.1
    dpddelay=30
    dpdtimeout=60
    dpdaction=hold
conn tunnel2
    pfs=no
    type=tunnel
    auto=start
    ikev2=no
    phase2=esp
    authby=secret
    keyingtries=3
    ikelifetime=8h
    salifetime=8h
    left=192.168.300.1
    leftsubnet=172.16.20.0/24
    leftid=192.168.300.1
    right=192.168.400.1
    rightsubnet=172.16.10.0/24
    rightid=192.168.400.1
    dpddelay=30
    dpdtimeout=60
    dpdaction=hold
I tried the libreswan git version, setting a different priority in the configuration, but got the same result: the second tunnel is not up.
I installed from a Debian package using make deb.
Can’t it be done? Or should I avoid this setup and use a routing-based VPN?
Thanks
—
Saludos / Regards / Cumprimentos
António Silva