4. Multiple tunnel error. The remote gateway "x.x.x.x" is already used by phase1

Multiple tunnel error. The remote gateway "x.x.x.x" is already used by phase1

  • K

    Hello,

    I would like to setup a redundant vpn connection between two sites.
    SiteA has 1 internet connection, SiteB has 2 internet connections.
    I want to setup 2 separate vpn tunnel between SiteA and SiteB.

    Small diagram of the network:

    |SiteA| –--- |Internet| ----- |SiteB|
                          \        /       
                            \ –---/

    The problem is when I am configuring ipsec on SiteB I got this error:

    The following input errors were detected:
        The remote gateway "x.x.x.x" is already used by phase1 "VPN S2S TRANSPORT2"."

    How can I solve this problem? I have to use this ip address as remote gateway since I do not have
    more than one public ip address.

    (additional info: I would like to use OSPF for load balance so moreover I would like to use GRE in ipsec tunnel
    and that is why I need to setup ipsec vpn in transport mode)
    Thanks for you help,

    klajosh
    ps.: if I was not clear please ask.

    0
  • Rebel Alliance Developer Netgate

    You can't do it that way unless you have a second IP address on the other side.

    It needs to add a static route to the other peer to make sure the right WAN gets used, and it can't add a static route for the same IP on both WANs. It just doesn't work that way.

    Some code was committed to 2.1 in the last week to do dynamic IPsec failover, it might be worth trying out.

    OpenVPN would have the same limit (re: static routes), at least in UDP mode, but that can be worked around in various ways with OpenVPN that would never work with IPsec.

    0
  • K

    Hi,
    Thanks for you reply. I have the same opinion. But I might have a workaround with openvpn.
    using site-to-site openvpn connection but with different udp port numbers.
    Because the topology above is just part of the network the real network looks like this:

    |SiteB|   
                  A  B     
                  A  B     
                  A  B     
                  A  B     
    |SiteA|–---|INTERNET|
                  C  D     
                  C  D     
                  C  D     
                  C  D     
                |SiteC|

    (A,B,C,D,- are internet links)

    SiteA has 1 internet link, SiteB,SiteC have 2 internet links. I want to use all the links to have redundancy between the two satellite sites (SiteA,SiteB)
    and  the central site: SiteC. What I have done so far: I created site-to-site openvpn tunnel between SiteB using A link and SiteC C link and between SiteB A
    link and SiteC D link. So far this works fine. SiteC is the openvpn server SiteB,SiteC will be the openvpn clients. For failover I am using quagga's ospf.
    So do you think this could work?

    Thanks,

    klajosh

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy