> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: Friday, February 27, 2009 5:56 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Multiple IPSEC tunnels between two endpoints
>
> On Fri, Feb 27, 2009 at 1:52 PM, Andrew Cotter
> <andrew dot cotter at somersetcapital dot com> wrote:
> >> -----Original Message-----
> >> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
> >> Sent: Friday, February 27, 2009 1:07 PM
> >> To: m0n0wall at lists dot m0n0 dot ch
> >> Subject: Re: [m0n0wall] Multiple IPSEC tunnels between two endpoints
> >>
> >> You only need one tunnel, and appropriate routes and rules.
> >> The tunnel is between the core router and the core router.
> >
> > So... Setup the one tunnel.
> >
> > 10.0.0.0/17 <---> 10.1.0.0/17
> >
> > Once that is up and running, add a static route to say
> >
>
> No, you were right initially. Static routes don't push
> traffic over IPsec, the traffic has to match something in
> your SPD. Since your subnets aren't CIDR-summarizable, you
> have to use parallel tunnels, as you're doing.
>
> Aside from the difference in local and remote networks, I
> believe you may also have to use a different PSK for each. I
> don't recall for sure, that's what I've done in the past and it works.
>

I went back to the parallel IPSEC tunnel concept, but I cannot get both tunnels to be up at the same time. Like I said in the original email, as soon as I have both up the tunnels die. The "Pre-Shared Key" is different for the two tunnels. The most descriptive error I see in the log is

Feb 28 02:20:18 racoon: ERROR: HASH mismatched
Feb 28 02:20:18 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.

I have been over and over the settings and see nothing wrong, especially since either of them works fine if the other tunnel is down.

Andrew
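An added illustration of the two points Chris makes above (a static route does not put traffic into an IPsec tunnel, only a matching SPD selector does; and subnets that are not CIDR-summarizable need one policy each). This is example code written for this thread, not code from m0n0wall or racoon. The SPD and route tables, the second local block 10.2.0.0/17, the block 10.0.128.0/17, the next hop 192.0.2.2 and all function names (`SpdEntry`, `spd_lookup`, `route_lookup`, `forward`, `summarize`, `policies_needed`) are constructed for the example; real racoon selectors and m0n0wall's policy model are more detailed than this model.

```python
# Added example (not from the m0n0wall thread, m0n0wall, or racoon): a toy
# model of the IPsec forwarding decision plus a CIDR-summarizability check.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SpdEntry:
    """One security policy: traffic from src_net to dst_net is tunnelled to peer."""
    src_net: ipaddress.IPv4Network
    dst_net: ipaddress.IPv4Network
    peer: str  # label for the remote endpoint (constructed)


def spd_lookup(spd, src_ip, dst_ip):
    """Return the first policy whose selectors cover the packet, else None.
    Both source and destination must match; a route to the destination alone
    never makes a packet eligible for the tunnel."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for entry in spd:
        if src in entry.src_net and dst in entry.dst_net:
            return entry
    return None


def route_lookup(routes, dst_ip):
    """Longest-prefix match over a static route table {network: next_hop}."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for net_str, hop in routes.items():
        net = ipaddress.ip_network(net_str)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def forward(spd, routes, src_ip, dst_ip):
    """Decide how a packet leaves the box: ("ipsec", peer) when an SPD entry
    matches, otherwise ("clear", next_hop) via the plain routing table, or
    ("drop", None) when nothing matches. The risk to notice: a packet the SPD
    does not cover is forwarded unencrypted if a route exists for it."""
    policy = spd_lookup(spd, src_ip, dst_ip)
    if policy is not None:
        return ("ipsec", policy.peer)
    hop = route_lookup(routes, dst_ip)
    return ("clear", hop) if hop else ("drop", None)


def summarize(nets):
    """Collapse subnets into the minimal set of CIDR blocks. One block back
    means one phase-2 policy covers them; more blocks means more policies
    (on m0n0wall, a parallel tunnel per pair)."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in nets))


def policies_needed(local_nets, remote_nets):
    """Phase-2 policies needed: one per (local block, remote block) pair."""
    return len(summarize(local_nets)) * len(summarize(remote_nets))


# Constructed sample data: the single tunnel from the thread, plus a static
# route for the remote block as the "add a static route" suggestion implied.
SPD = [SpdEntry(ipaddress.ip_network("10.0.0.0/17"),
                ipaddress.ip_network("10.1.0.0/17"),
                peer="remote-core (constructed)")]
ROUTES = {"10.1.0.0/17": "192.0.2.2"}  # constructed next hop (documentation range)


if __name__ == "__main__":
    # Covered by the policy: tunnelled.
    print(forward(SPD, ROUTES, "10.0.0.5", "10.1.0.9"))
    # Source 10.2.0.5 is outside 10.0.0.0/17: the route exists, but the packet
    # leaves in the clear because no SPD selector matches it.
    print(forward(SPD, ROUTES, "10.2.0.5", "10.1.0.9"))
    # Adjacent siblings collapse to one block; disjoint blocks do not.
    print(summarize(["10.0.0.0/17", "10.0.128.0/17"]))
    print(summarize(["10.0.0.0/17", "10.2.0.0/17"]))
    print(policies_needed(["10.0.0.0/17", "10.2.0.0/17"], ["10.1.0.0/17"]))
```

Run it as-is to see the two forwarding decisions and the summarization results; feed `summarize` your own subnet lists to check whether they can be expressed as one selector before deciding how many parallel tunnels to build.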