j***@use.startmail.com
2015-07-26 19:05:23 UTC
Configured L2TP using slightly simplified instructions from https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-12-04-on-amazon-ec2/
(RHEL version https://gist.github.com/hwdsl2/e9a78a50e300d12ae195 )
I used the latest libreswan-3.13-1.el6.i686 from EPEL, my own firewall rules and a shorter sysctl list:
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.rp_filter = 0
Configured two users as suggested in https://gist.github.com/hwdsl2/123b886f29f4c689f531
The first user connects fine, but the second times out, with "cannot install eroute". Here is a fragment from the log file:
Jul 26 14:16:25 localhost pluto[4299]: "vpnpsk"[8] <client external IP> #27: responding to Quick Mode proposal {msgid:ebbfa25f}
Jul 26 14:16:25 localhost pluto[4299]: "vpnpsk"[8] <client external IP> #27: us: <server IP>/32===<server IP><<server IP>>:17/1701
Jul 26 14:16:25 localhost pluto[4299]: "vpnpsk"[8] <client external IP> #27: them: <client external IP>[<client internal IP>]:17/0
Jul 26 14:16:25 localhost pluto[4299]: "vpnpsk"[8] <client external IP> #27: cannot install eroute -- it is in use for "vpnpsk"[6] <client external IP> #6
I saw a similar subject in the archives (https://lists.libreswan.org/pipermail/swan/2014/001001.html) but it seems to be a slightly different case.
Is this an IPsec limitation or an error in configuration?
Thanks,
Josh.
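
Added example, not part of the post above and not libreswan code: a small Python triage script that pairs each "cannot install eroute" line with the connection instance and state that already holds the eroute, and with the "them:" selectors logged for both states. The sample log is constructed in the format of the quoted pluto lines, using documentation addresses; the function and field names are assumptions of this example.

```python
import re
from collections import namedtuple

# Constructed sample in the format of the pluto lines quoted above;
# addresses are documentation ranges, not values from the post.
SAMPLE_LOG = """\
Jul 26 14:10:02 localhost pluto[4299]: "vpnpsk"[6] 203.0.113.10 #6: them: 203.0.113.10[192.168.1.20]:17/0
Jul 26 14:16:25 localhost pluto[4299]: "vpnpsk"[8] 203.0.113.10 #27: responding to Quick Mode proposal {msgid:ebbfa25f}
Jul 26 14:16:25 localhost pluto[4299]: "vpnpsk"[8] 203.0.113.10 #27: them: 203.0.113.10[192.168.1.21]:17/0
Jul 26 14:16:25 localhost pluto[4299]: "vpnpsk"[8] 203.0.113.10 #27: cannot install eroute -- it is in use for "vpnpsk"[6] 203.0.113.10 #6
Jul 26 14:20:00 localhost pluto[4299]: "vpnpsk"[9] 198.51.100.7 #30: them: 198.51.100.7[10.0.0.5]:17/1701
"""

# '"conn"[instance] peer #state: message' as written by pluto
PREFIX = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[(?P<inst>\d+)\] '
                    r'(?P<peer>.+?) #(?P<state>\d+): (?P<msg>.*)$')
# Tail of the conflict message: the instance/state that owns the eroute
HOLDER = re.compile(r'cannot install eroute -- it is in use for '
                    r'"(?P<conn>[^"]+)"\[(?P<inst>\d+)\] (?P<peer>.+?) #(?P<state>\d+)\s*$')

Conflict = namedtuple("Conflict", "rejected holder same_peer rejected_them holder_them")

def find_eroute_conflicts(log_text):
    """Return one Conflict per 'cannot install eroute' line in log_text."""
    them = {}        # state number -> last "them:" selector logged for it
    conflicts = []
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        state, msg = int(m["state"]), m["msg"]
        if msg.startswith("them: "):
            them[state] = msg[len("them: "):].strip()
            continue
        h = HOLDER.match(msg)
        if h:
            rejected = (m["conn"], int(m["inst"]), m["peer"], state)
            holder = (h["conn"], int(h["inst"]), h["peer"], int(h["state"]))
            # same_peer: both instances were logged with the same peer address
            conflicts.append(Conflict(rejected, holder, m["peer"] == h["peer"],
                                      them.get(state), them.get(holder[3])))
    return conflicts

if __name__ == "__main__":
    for c in find_eroute_conflicts(SAMPLE_LOG):
        print(c)
```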