<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi, I'm trying to connect to amazon VPN using strongswan 4.2.4 on
debian 5.0.8 but I have some problems.<br>
<br>
Here is how the setup is designed from amazon side.<br>
Amazon have 2 public IP addresses and we connect to the 2 ips using
2 distinct vpn connection. However those connection are initiated
(on our side) by only 1 server. So we use the same public ip address
on our side.<br>
<br>
So we establish the connection with the following subnets
169.254.255.0/30 and 169.254.255.4/30 (one for each vpn connection).
<br>
So far, I'm able to make this connection up and running. The problem
comes when I need to route other subnets to this VPN connection with
BGP. In my case I defined on amazon side the following subnet:
10.144.0.0/16. But when I try to use this subnet the packets don't
seem to be routed to the tunnel. Of course bgp is up and the routes
are added by bgp.<br>
<br>
I've been able to make the setup work with manual commands and weird
(to me since i'm far from beeing an expert on ipsec/ike)
configuration. But i'm pretty sure there is a clean way to make this
works without too much problems.<br>
<br>
Could you please help me on how to setup this connection properly?<br>
Thank you.<br>
<br>
Here are the 2 configuration settings I've been able to use to bring
up the vpn connection. The 1st one can't route the 10.144/16 network
even though I add xfrm policies, and the 2nd one is working, but
only one vpn comes up because it can't add the same route on the 2
vpn connections and I have to run some ip xfrm commands to make it
work.<br>
<br>
Here is the amazon VPN Connection Configuration<br>
<br>
<b>connection 1:</b><br>
Outside IP Addresses:<br>
- Customer Gateway: : *my_pub_ip*<br>
- VPN Gateway : 72.21.209.225<br>
<br>
Inside IP Addresses<br>
- Customer Gateway : 169.254.255.2/30<br>
- VPN Gateway : 169.254.255.1/30<br>
<br>
Configure the IKE SA as follows<br>
- Authentication Method : Pre-Shared Key <br>
- Pre-Shared Key : *my_psk1*<br>
- Authentication Algorithm : sha1<br>
- Encryption Algorithm : aes-128-cbc<br>
- Lifetime : 28800 seconds<br>
- Phase 1 Negotiation Mode : main<br>
- Perfect Forward Secrecy : Diffie-Hellman Group 2<br>
<br>
Configure the IPSec SA as follows:<br>
- Protocol : esp<br>
- Authentication Algorithm : hmac-sha1-96<br>
- Encryption Algorithm : aes-128-cbc<br>
- Lifetime : 3600 seconds<br>
- Mode : tunnel<br>
- Perfect Forward Secrecy : Diffie-Hellman Group 2<br>
<br>
The Border Gateway Protocol (BGPv4) is used within the tunnel,
between the inside<br>
IP addresses, to exchange routes from the VPC to your home network.
Each<br>
BGP router has an Autonomous System Number (ASN). Your ASN was
provided <br>
to AWS when the Customer Gateway was created.<br>
<br>
BGP Configuration Options:<br>
- Customer Gateway ASN : 65136 <br>
- VPN Gateway ASN : 7224<br>
- Neighbor IP Address : 169.254.255.1<br>
- Neighbor Hold Time : 30<br>
<br>
Configure BGP to announce the default route (0.0.0.0/0) to the VPN
Connection<br>
Gateway. The VPN Gateway will announce prefixes to your Customer <br>
Gateway based upon the prefixes assigned in the creation of the VPC.<br>
<br>
<br>
<b>Connection 2:</b><br>
<br>
Outside IP Addresses:<br>
- Customer Gateway: : *my_pub_ip*<br>
- VPN Gateway : 72.21.209.193<br>
<br>
Inside IP Addresses<br>
- Customer Gateway : 169.254.255.6/30<br>
- VPN Gateway : 169.254.255.5/30<br>
<br>
Configure the IKE SA as follows<br>
- Authentication Method : Pre-Shared Key <br>
- Pre-Shared Key : *my_psk2*<br>
- Authentication Algorithm : sha1<br>
- Encryption Algorithm : aes-128-cbc<br>
- Lifetime : 28800 seconds<br>
- Phase 1 Negotiation Mode : main<br>
- Perfect Forward Secrecy : Diffie-Hellman Group 2<br>
<br>
Configure the IPSec SA as follows:<br>
- Protocol : esp<br>
- Authentication Algorithm : hmac-sha1-96<br>
- Encryption Algorithm : aes-128-cbc<br>
- Lifetime : 3600 seconds<br>
- Mode : tunnel<br>
- Perfect Forward Secrecy : Diffie-Hellman Group 2<br>
<br>
<br>
The Border Gateway Protocol (BGPv4) is used within the tunnel,
between the inside<br>
IP addresses, to exchange routes from the VPC to your home network.
Each<br>
BGP router has an Autonomous System Number (ASN). Your ASN was
provided <br>
to AWS when the Customer Gateway was created.<br>
<br>
BGP Configuration Options:<br>
- Customer Gateway ASN : 65136 <br>
- VPN Gateway ASN : 7224<br>
- Neighbor IP Address : 169.254.255.5<br>
- Neighbor Hold Time : 30<br>
<br>
Configure BGP to announce the default route (0.0.0.0/0) to the VPN
Connection<br>
Gateway. The VPN Gateway will announce prefixes to your Customer <br>
Gateway based upon the prefixes assigned in the creation of the VPC.<br>
<br>
<br>
And here is the configuration I've been trying to setup.<br>
<br>
<b>configuration 1: (10.144/16 not working at all)</b><br>
ipsec.secrets:<br>
*my_pub_ip* 72.21.209.225 : PSK "*my_psk1*"<br>
*my_pub_ip* 72.21.209.193 : PSK "*my_psk2*"<br>
<br>
strongswan.conf:<br>
charon {<br>
}<br>
pluto {<br>
}<br>
libstrongswan {<br>
}<br>
<br>
ipsec.conf<br>
config setup<br>
charonstart=no<br>
plutostart=yes<br>
strictcrlpolicy=no<br>
<br>
conn vac1<br>
keyexchange=ikev1<br>
auto=start<br>
authby=psk<br>
compress=no<br>
type=tunnel<br>
ike=aes128-sha1-modp1024<br>
pfs=yes<br>
left=*my_pub_ip*<br>
leftsourceip=169.254.255.2/30<br>
right=72.21.209.225<br>
rightsourceip=169.254.255.1/30<br>
<br>
conn vac2<br>
keyexchange=ikev1<br>
auto=start<br>
authby=psk<br>
compress=no<br>
type=tunnel<br>
ike=aes128-sha1-modp1024<br>
pfs=yes<br>
left=*my_pub_ip*<br>
leftsourceip=169.254.255.6/30<br>
right=72.21.209.193<br>
rightsourceip=169.254.255.5/30<br>
<br>
sudo /etc/init.d/ipsec start<br>
Starting strongSwan 4.2.4 IPsec [starter]...<br>
multiple default routes - cannot cope with %defaultroute!!!<br>
<br>
ip xfrm state<br>
src *my_pub_ip* dst 72.21.209.225<br>
proto esp spi 0xd49408d7 reqid 16385 mode tunnel<br>
replay-window 32 <br>
auth hmac(sha1) 0x3696cf0b7cbd526edf0b8793084334a6095b3cff<br>
enc cbc(aes) 0x30114b8b79147b3c13c2b7218690b6d2<br>
sel src 0.0.0.0/0 dst 0.0.0.0/0 <br>
src 72.21.209.225 dst *my_pub_ip*<br>
proto esp spi 0xb0c07db9 reqid 16385 mode tunnel<br>
replay-window 32 <br>
auth hmac(sha1) 0xd344ac06e528c175a9be5c8f7519a9ff4afb17ab<br>
enc cbc(aes) 0x44e6172afdf19dd8a65b216a7af68890<br>
sel src 0.0.0.0/0 dst 0.0.0.0/0 <br>
src *my_pub_ip* dst 72.21.209.193<br>
proto esp spi 0x89e3ed52 reqid 16389 mode tunnel<br>
replay-window 32 <br>
auth hmac(sha1) 0xaf259a9e3b69ea2d2ca0ce1455f554423cb9b66c<br>
enc cbc(aes) 0x8cf4a967db5f0dde1b57cfe66655c915<br>
sel src 0.0.0.0/0 dst 0.0.0.0/0 <br>
src 72.21.209.193 dst *my_pub_ip*<br>
proto esp spi 0x50c171bb reqid 16389 mode tunnel<br>
replay-window 32 <br>
auth hmac(sha1) 0x9d3b74757f63d31a4800a57856ae906157c064ef<br>
enc cbc(aes) 0xb37734dc1199d74030032776d2078ddc<br>
sel src 0.0.0.0/0 dst 0.0.0.0/0 <br>
<br>
ip xfrm policy<br>
src 169.254.255.2/32 dst 169.254.255.1/32 <br>
dir out priority 2080 ptype main <br>
tmpl src *my_pub_ip* dst 72.21.209.225<br>
proto esp reqid 16385 mode tunnel<br>
src 169.254.255.1/32 dst 169.254.255.2/32 <br>
dir fwd priority 2080 ptype main <br>
tmpl src 72.21.209.225 dst *my_pub_ip*<br>
proto esp reqid 16385 mode tunnel<br>
src 169.254.255.1/32 dst 169.254.255.2/32 <br>
dir in priority 2080 ptype main <br>
tmpl src 72.21.209.225 dst *my_pub_ip*<br>
proto esp reqid 16385 mode tunnel<br>
src 169.254.255.6/32 dst 169.254.255.5/32 <br>
dir out priority 2080 ptype main <br>
tmpl src *my_pub_ip* dst 72.21.209.193<br>
proto esp reqid 16389 mode tunnel<br>
src 169.254.255.5/32 dst 169.254.255.6/32 <br>
dir fwd priority 2080 ptype main <br>
tmpl src 72.21.209.193 dst *my_pub_ip*<br>
proto esp reqid 16389 mode tunnel<br>
src 169.254.255.5/32 dst 169.254.255.6/32 <br>
dir in priority 2080 ptype main <br>
tmpl src 72.21.209.193 dst *my_pub_ip*<br>
proto esp reqid 16389 mode tunnel<br>
src ::/0 dst ::/0 <br>
dir 4 priority 0 ptype main <br>
src ::/0 dst ::/0 <br>
dir 3 priority 0 ptype main <br>
src 0.0.0.0/0 dst 0.0.0.0/0 <br>
...<br>
<br>
bgpd:<br>
sh ip bgp<br>
...<br>
*> 10.144.0.0/16 169.254.255.1 100 150 7224
i<br>
* 169.254.255.5 100 100 7224 i<br>
...<br>
<br>
ip route | grep 10.144<br>
10.144.0.0/16 via 169.254.255.1 dev eth1 proto zebra metric 100 <br>
<br>
ip route get 10.144.8.30<br>
10.144.8.30 via 169.254.255.1 dev eth1 src 169.254.255.2 <br>
cache mtu 1500 advmss 1460 hoplimit 64<br>
<br>
ping 10.144.8.30<br>
PING 10.144.8.30 (10.144.8.30) 56(84) bytes of data.<br>
From 169.254.255.2 icmp_seq=1 Destination Host Unreachable<br>
From 169.254.255.2 icmp_seq=2 Destination Host Unreachable<br>
From 169.254.255.2 icmp_seq=3 Destination Host Unreachable<br>
<br>
ping -I 10.123.0.22 10.144.8.30<br>
PING 10.144.8.30 (10.144.8.30) from 10.123.0.22 : 56(84) bytes of
data.<br>
From 10.123.0.22 icmp_seq=1 Destination Host Unreachable<br>
From 10.123.0.22 icmp_seq=2 Destination Host Unreachable<br>
From 10.123.0.22 icmp_seq=3 Destination Host Unreachable<br>
<br>
auth.log<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: loading
secrets from "/etc/ipsec.secrets"<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: loading
secrets from "/var/lib/strongswan/ipsec.secrets.inc"<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: loaded
private key file '/etc/ipsec.d/private/vpn-fw1Key.pem' (1679 bytes)<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: loaded
shared key for 72.21.209.225 *my_pub_ip* <br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: loaded
shared key for 72.21.209.193 *my_pub_ip* <br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: added
connection description "vac1"<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac1" #1:
initiating Main Mode<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: added
connection description "vac2"<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #2:
initiating Main Mode<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #2:
received Vendor ID payload [Dead Peer Detection]<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac1" #1:
received Vendor ID payload [Dead Peer Detection]<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #2:
Peer ID is ID_IPV4_ADDR: '72.21.209.193'<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #2:
ISAKMP SA established<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #3:
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#2}<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac1" #1:
Peer ID is ID_IPV4_ADDR: '72.21.209.225'<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac1" #1:
ISAKMP SA established<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac1" #4:
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #3:
route-client output: /usr/lib/ipsec/_updown: doroute `ip route add
169.254.255.5/32 via 72.21.209.193 dev eth1:MASTER src
169.254.255.6 table 220' failed (RTNETLINK answers: No such process)<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #3:
sent QI2, IPsec SA established {ESP=>0xb660e8f1 <0x11e0e25a}<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac1" #4:
route-client output: /usr/lib/ipsec/_updown: doroute `ip route add
169.254.255.1/32 via 72.21.209.225 dev eth1:MASTER src
169.254.255.2 table 220' failed (RTNETLINK answers: No such process)<br>
Jul 8 15:04:58 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac1" #4:
sent QI2, IPsec SA established {ESP=>0x9545fa88 <0xd79a4539}<br>
Jul 8 15:05:01 vpn-fw1.mdc.gameloft.org CRON[30531]:
pam_unix(cron:session): session opened for user root by (uid=0)<br>
Jul 8 15:05:01 vpn-fw1.mdc.gameloft.org CRON[30532]:
pam_unix(cron:session): session opened for user root by (uid=0)<br>
Jul 8 15:05:01 vpn-fw1.mdc.gameloft.org CRON[30532]:
pam_unix(cron:session): session closed for user root<br>
Jul 8 15:05:02 vpn-fw1.mdc.gameloft.org pluto[30451]: packet from
72.21.209.193:500: received Vendor ID payload [Dead Peer Detection]<br>
Jul 8 15:05:02 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #5:
responding to Main Mode<br>
Jul 8 15:05:02 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #5:
ignoring informational payload, type IPSEC_INITIAL_CONTACT<br>
Jul 8 15:05:02 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #5:
Peer ID is ID_IPV4_ADDR: '72.21.209.193'<br>
Jul 8 15:05:02 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #5:
sent MR3, ISAKMP SA established<br>
Jul 8 15:05:02 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #5:
cannot respond to IPsec SA request because no connection is known
for 0.0.0.0/0===*my_pub_ip*...72.21.209.193===0.0.0.0/0<br>
Jul 8 15:05:02 vpn-fw1.mdc.gameloft.org pluto[30451]: "vac2" #5:
sending encrypted notification INVALID_ID_INFORMATION to
72.21.209.193:500<br>
<br>
<b>configuration 2: (10.144/16 work with manual ip xfrm commands)</b><br>
ipsec.secrets:<br>
*my_pub_ip* 72.21.209.225 : PSK "*my_psk1*"<br>
*my_pub_ip* 72.21.209.193 : PSK "*my_psk2*"<br>
<br>
strongswan.conf:<br>
charon {<br>
}<br>
pluto {<br>
}<br>
libstrongswan {<br>
}<br>
<br>
ipsec.conf<br>
conn vac1<br>
keyexchange=ikev1<br>
auto=start<br>
authby=psk<br>
compress=no<br>
type=tunnel<br>
ike=aes128-sha1-modp1024<br>
pfs=yes<br>
left=*my_pub_ip*<br>
leftsubnet=10.0.0.0/8<br>
leftsourceip=169.254.255.2/30<br>
right=72.21.209.225<br>
rightsubnet=10.144.0.0/16<br>
rightsourceip=169.254.255.1/30<br>
<br>
conn vac2<br>
keyexchange=ikev1<br>
auto=start<br>
authby=psk<br>
compress=no<br>
type=tunnel<br>
ike=aes128-sha1-modp1024<br>
pfs=yes<br>
left=*my_pub_ip*<br>
leftsubnet=10.0.0.0/8<br>
leftsourceip=169.254.255.6/30<br>
right=72.21.209.193<br>
rightsubnet=10.144.0.0/16<br>
rightsourceip=169.254.255.5/30<br>
<br>
sudo /etc/init.d/ipsec start<br>
Starting strongSwan 4.2.4 IPsec [starter]...<br>
multiple default routes - cannot cope with %defaultroute!!!<br>
<br>
<br>
ip xfrm policy<br>
src 10.0.0.0/8 dst 10.144.0.0/16 <br>
dir out priority 2864 ptype main <br>
tmpl src *my_pub_ip* dst 72.21.209.193<br>
proto esp reqid 16389 mode tunnel<br>
src 10.144.0.0/16 dst 10.0.0.0/8 <br>
dir fwd priority 2864 ptype main <br>
tmpl src 72.21.209.193 dst *my_pub_ip*<br>
proto esp reqid 16389 mode tunnel<br>
src 10.144.0.0/16 dst 10.0.0.0/8 <br>
dir in priority 2864 ptype main <br>
tmpl src 72.21.209.193 dst *my_pub_ip*<br>
proto esp reqid 16389 mode tunnel<br>
src ::/0 dst ::/0 <br>
dir 4 priority 0 ptype main <br>
src ::/0 dst ::/0 <br>
dir 3 priority 0 ptype main<br>
...<br>
<br>
ip route | grep 10.144<br>
*empty*<br>
<br>
If I add the following policies:<br>
ip xfrm policy add dir in src 169.254.255.5/30 dst 169.254.255.6/30
priority 2864 tmpl mode tunnel reqid 16389 src 72.21.209.193 dst
*my_pub_ip* proto esp<br>
ip xfrm policy add dir out src 169.254.255.6/30 dst 169.254.255.5/30
priority 2864 tmpl mode tunnel reqid 16389 src *my_pub_ip* dst
72.21.209.193 proto esp<br>
<br>
<br>
Then the 10.144/16 subnet works<br>
<br>
ip route | grep 10.144<br>
10.144.0.0/16 via 169.254.255.5 dev eth1 proto zebra metric 100 <br>
<br>
<br>
ping -I 10.123.0.22 10.144.8.30<br>
PING 10.144.8.30 (10.144.8.30) from 10.123.0.22 : 56(84) bytes of
data.<br>
64 bytes from 10.144.8.30: icmp_seq=1 ttl=62 time=17.7 ms<br>
64 bytes from 10.144.8.30: icmp_seq=2 ttl=62 time=17.5 ms<br>
64 bytes from 10.144.8.30: icmp_seq=3 ttl=62 time=17.4 ms<br>
<br>
auth.log<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: loading
secrets from "/etc/ipsec.secrets"<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: loading
secrets from "/var/lib/strongswan/ipsec.secrets.inc"<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: loaded
private key file '/etc/ipsec.d/private/vpn-fw1Key.pem' (1679 bytes)<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: loaded
shared key for 72.21.209.225 *my_pub_ip* <br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: loaded
shared key for 72.21.209.193 *my_pub_ip* <br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: added
connection description "vac1"<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #1:
initiating Main Mode<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: added
connection description "vac2"<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac2" #2:
initiating Main Mode<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac2" #2:
received Vendor ID payload [Dead Peer Detection]<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #1:
received Vendor ID payload [Dead Peer Detection]<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac2" #2:
Peer ID is ID_IPV4_ADDR: '72.21.209.193'<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac2" #2:
ISAKMP SA established<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac2" #3:
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#2}<br>
src 169.254.255.6 table 220' failed (RTNETLINK answers: No such
process)<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac2" #3:
sent QI2, IPsec SA established {ESP=>0x6705b3eb <0x945af92b}<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #1:
Peer ID is ID_IPV4_ADDR: '72.21.209.225'<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #1:
ISAKMP SA established<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #4:
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}<br>
Jul 8 14:44:21 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #4:
cannot route -- route already in use for "vac2"<br>
Jul 8 14:44:26 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #4:
cannot route -- route already in use for "vac2"<br>
Jul 8 14:44:31 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #4:
cannot route -- route already in use for "vac2"<br>
Jul 8 14:44:36 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #4:
cannot route -- route already in use for "vac2"<br>
Jul 8 14:44:46 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #4:
cannot route -- route already in use for "vac2"<br>
Jul 8 14:44:56 vpn-fw1.mdc.gameloft.org pluto[25503]: "vac1" #4:
cannot route -- route already in use for "vac2"<br>
<br>
<div class="moz-signature"><br>
</div>
</body>
</html>