<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">Hi Andreas,<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">Thanks for you reply.<br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">Earlier we were using openswan where in the config 'keyexchange=ike' is set (which is ikev1 correct me if I am wrong). In openswan multiple subnets with comma separated worked. <br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">In strongswan if we setup connection for each subnet, a separate tunnel will be created for each connection. For connection status, bring up/down we need to do on each connection. Earlier in openswan we used to manage as single connection.<br><br>Is there any way to manage it as single vpn connection or tunnel ?<br><br>Thanks, <br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">Jayapal<br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)"><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 16, 2016 at 1:20 PM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Jayapal,<br>
<br>
The IKEv1 protocol does not support comma-separated subnets, so your<br>
problem is independent of the strongSwan version. You must set up a<br>
separate connection definition for each subnet.<br>
<br>
Regards<br>
<br>
Andreas<br>
<div><div class="h5"><br>
On 06/16/2016 06:27 AM, Jayapal Reddy wrote:<br>
> Hi,<br>
><br>
> I am using strongswan ipsec 4.5.2. In this version multiple right<br>
> subnets with comma (,) separated is working only for the first subnet.<br>
> We have setup where up upgraded from openswan to strongswan. In this<br>
> setup only first right subnet is working.<br>
> We are using left right debain virtual router and right side Juniper SRX<br>
> and we are using ikev1. We can't split that into multiple connections<br>
> because right side Juniper srx config can't be changed because it is in<br>
> customer location.<br>
><br>
> Can some one suggest us how to resolve this. Is there patch available<br>
> for this ?<br>
> I have tried strongswan 5.2 from backports. in this setup my tunnel is<br>
> not coming up.<br>
><br>
> It is bit urgent, your inputs are highly appreciated.<br>
><br>
> Thanks,<br>
> Jayapal<br>
><br>
</div></div>======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</blockquote></div><br></div>