[ previous ] [ next ] [ threads ]
 
 From:  Krzysztof Czajka <krzysztof dot czajka at telmor dot com dot pl>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Routing problem and ipsec
 Date:  Sat, 12 Aug 2006 12:02:47 +0200
> Use different identifiers for your tunnels (preshared keys, not interface IP). Then the m0n0 can
divide the 2 sessions and it will work.

Thanks all for reply.
Now I have some time without user-payload to deeper check this way.

Problem solved: Do not use "Main mode" in m0n0walls with more than 1
ipsec tunnel. When switched in aggressive mode it works well.


= some logs =
Algoritm seems to put in infinitive loop at:
racoon: debug: resend phase1 packet ef9e996e2c71d85c:fb17820d2ea8188e
racoon: debug: get pfkey acquire message
racoon: debug: ignore the acquire because ph2 found
racoon: debug: get pfkey acquire message
racoon: debug: ignore the acquire because ph2 found

>From diagnostic ipsec:
SAD: No IPsec security associations
SPD with 4 directions (two tunnels) seems ok.


Regards
Krzysztof