Reachable network dependant on Phase 2 ordering



  • I have a mobile IPSec solution which was working fine on 2.2.3, which now exhibits very peculiar behaviour.

    It is connected to three internal subnets

    192.168.900.0/24 == (10.601.1.0/25,10.602.1.0/24 and 10.603.1.0/24)  [ networks edited for privacy reasons ]
    I can connect to the phase 1 connection properly without issues.

    But I can only reach the network that is "highest" in the GUI. If 10.601.1.0 is highest, I can reach that one, if 10.602.1.0 is highest, I can reach that one.

    I have not seen this behaviour before upgrading to 2.3.



  • If you are going to edit private network numbers, which I don't see the point of, don't use impossible numbers.



  • I have a setup to reach 2 separate networks, and it works fine, I can reach the second one in the list.
    What do you see in the status -> ipsec page when the tunnel is established ?



  • The raw output of 'ipsec statusall' would be helpful.


Log in to reply