could you check who many tunnels are setup in the kernel, the right
number i believe. Does the selector (SPD) matches what's been negotiated
between openswan and isakmpd ?
Could you send me more details like the verbose log of isakmpd as well
as the dump of the sa and spd on both side ?
If the traffic is not sent to the proper tunnel: or the spd entries are
not properly set, or this is a routing issue.
tx,
J.
On Fri, Jan 06, 2006 at 02:32:45PM +0100, Jochen Friedrich wrote:
> Package: isakmpd
> Version: 20041012-1
> Severity: normal
>
> When using multiple tunnels between two peers, multiple SPIs are
> established. However, only one SPI is used by isakmpd for all outgoing
> traffic. This causes problems if the peer does check incoming packets
> against IP addresses the SPI was negotiated for like OpenSwan does by
> default (no parameter disablearrivalcheck set). This means only one tunnel
> is actually working if a connection between isakmpd and OpenSwan is
> configured with more than one tunnel.
>
> -- System Information:
> Debian Release: testing/unstable
> APT prefers testing
> APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: i386 (i686)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.14-2-686
> Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
>
> Versions of packages isakmpd depends on:
> ii libc6 2.3.5-8 GNU C Library: Shared libraries
> an
> ii libgmp3c2 4.1.4-11 Multiprecision arithmetic library
> ii libkeynote0 2.3-10 Decentralized Trust-Management
> sys
> ii libssl0.9.8 0.9.8a-5 SSL shared libraries
>
> isakmpd recommends no packages.
>
> -- no debconf information
--
--
-> Jean-Francois Dive
--> [EMAIL PROTECTED]
I think that God in creating Man somewhat overestimated his ability.
-- Oscar Wilde
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
