> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: Friday, February 27, 2009 5:56 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Multiple IPSEC tunnels between two endpoints
> On Fri, Feb 27, 2009 at 1:52 PM, Andrew Cotter
> <andrew dot cotter at somersetcapital dot com> wrote:
> >> -----Original Message-----
> >> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
> >> Sent: Friday, February 27, 2009 1:07 PM
> >> To: m0n0wall at lists dot m0n0 dot ch
> >> Subject: Re: [m0n0wall] Multiple IPSEC tunnels between two
> >> You only need one tunnel, and appropriate routes and rules.
> >> The tunnel is between the core router and the core router.
> > So... Set up the one tunnel.
> > 10.0.0.0/17 <---> 10.1.0.0/17
> > Once that is up and running, add a static route to say
> No, you were right initially. Static routes don't push
> traffic over IPsec, the traffic has to match something in
> your SPD. Since your subnets aren't CIDR-summarizable, you
> have to use parallel tunnels, as you're doing.
> Aside from the difference in local and remote networks, I
> believe you may also have to use a different PSK for each. I
> don't recall for sure, that's what I've done in the past and it works.
I went back to the parallel IPSEC tunnel concept, but I cannot get both
tunnels to be up at the same time. Like I said in the original email, as
soon as I have both up the tunnels die. The "Pre-Shared Key" is different
for the two tunnels.
Most descriptive error I see in the log is
Feb 28 02:20:18 racoon: ERROR: HASH mismatched
Feb 28 02:20:18 racoon: NOTIFY: couldn't find the proper pskey, try
to get one by the peer's address.
I have been over and over the settings and see nothing wrong especially
since either of them works fine if the other tunnel is down.