On 6/23/07, Phillip Hellewell <sshock@...> wrote:
> So my question is, how can I fix this? I can't tell my workplace to
> change what they are doing. If there was someway to just use a single
> association for both tunnels, that would do the trick. Or if there were
> someway to tell the kernel not to drop my packet because even though the spi
> isn't the matching one, that would probably do it too.
Hooray! To have a single tunnel, I just had to use "require" instead of
"unique" on my SPD entries!
Since I'm using Debian's racoon-tool to do this for me, it amounted to
adding the "level: require" option to my two connections. (I guess
racoon-tool defaults to "unique".)