<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">Hoping someone can help me out here.</div><div class=""><br class=""></div><div class="">I’m trying to configure a site-to-site IKEv1 connection to a remote host managed by another firm. I need to be able to route traffic to two right-side subnets, 10.0.51.0/24 and 10.0.20.0/24. I’m unable to simply declare 10.0.0.0/16 as the right-side subnet as doing so would conflict with addresses that I need to resolve in our local network.</div><div class=""><br class=""></div><div class="">However, when activated with this configuration, only the last configured child connection enables (in this case subnet02). Commenting out the subnet02 block enables routing to subnet01. </div><div class=""><br class=""></div><div class="">It seems this child connection approach is the proper one for IKEv1, but I could be wrong.</div><div class=""><a href="https://lists.strongswan.org/pipermail/users/2012-March/002746.html" class="">https://lists.strongswan.org/pipermail/users/2012-March/002746.html</a></div><div class=""><br class=""></div><div class="">I suspect I’m missing something very simple, but any help would be appreciated.</div><div class=""><br class=""></div><div class="">Gist available here:</div><div class=""><a href="https://gist.github.com/revprez/b6ae775b02cc2009721d2eadf950cd72" class="">https://gist.github.com/revprez/b6ae775b02cc2009721d2eadf950cd72</a></div><div class=""><br class=""></div><div class=""><p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class="">conn common</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> authby=psk</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> type=tunnel</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> ike=...</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> ikelifetime=28800s</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> esp=...</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> keylife=3600s</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> keyingtries=%forever</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> keyexchange=ikev1</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> left=%defaultroute</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> leftid=...</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> leftsubnet=...</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> right=...</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> dpddelay=10</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> dpdtimeout=30</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> dpdaction=restart</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> installpolicy=yes</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> auto=start</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17); min-height: 16px;" class=""><span style="font-kerning: none" class=""></span><br class=""></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class="">conn subnet01</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> also=common</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> rightsubnet=10.0.51.0/24</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> auto=start</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17); min-height: 16px;" class=""><span style="font-kerning: none" class=""></span><br class=""></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class="">conn subnet02</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> also=common</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> rightsubnet=10.0.20.0/24</span></p>
<p style="margin: 0px; font-stretch: normal; font-size: 13px; line-height: normal; font-family: Courier; color: rgb(17, 17, 17);" class=""><span style="font-kerning: none" class=""> auto=start</span></p></div><div class=""><span style="font-kerning: none" class=""><br class=""></span></div><div class=""><br class=""></div><div class=""><br class=""></div><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; 
-webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0);" class=""><span style="color: rgb(34, 34, 34); font-family: arial; font-size: small; background-color: rgb(255, 255, 255);" class="">Prez Cannady </span></div><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><span style="color: rgb(34, 34, 34); font-family: arial; font-size: small; background-color: rgb(255, 255, 255);" class="">e: </span><font color="#1155cc" style="font-family: arial; background-color: rgb(255, 255, 255);" class=""><a href="mailto:revprez@opencorrelate.org" class="">revprez@opencorrelate.org</a></font><span style="color: rgb(34, 34, 34); font-family: arial; font-size: small; background-color: rgb(255, 255, 255);" class=""> </span></div><div class=""><span style="color: rgb(34, 34, 34); font-family: arial; font-size: small; background-color: rgb(255, 255, 255);" class="">h:</span> <a href="https://revprez.github.io" style="font-family: arial; 
background-color: rgb(255, 255, 255);" class="">https://revprez.github.io</a></div></div></div></div></div></div></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline"><br class="Apple-interchange-newline">
</div>
<br class=""></body></html>