[strongSwan-dev] [strongSwan] strongswan 4.5.2 multiple right subnets

Jayapal Reddy jayapalatiiit at gmail.com
Thu Jun 16 11:35:22 CEST 2016 

Hi Andreas,

Thanks for you reply.
Earlier we were using openswan where in the config 'keyexchange=ike' is set
(which is ikev1 correct me if I am wrong). In openswan multiple subnets
with comma separated worked.

In strongswan if we setup connection for each subnet, a separate tunnel
will be created for each connection. For connection status, bring up/down
we need to do on each connection. Earlier in openswan we used to manage as
single connection.

Is there any way to manage it as single vpn connection or tunnel ?

Thanks,
Jayapal



On Thu, Jun 16, 2016 at 1:20 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Jayapal,
>
> The IKEv1 protocol does not support comma-separated subnets, so your
> problem is independent of the strongSwan version. You must set up a
> separate connection definition for each subnet.
>
> Regards
>
> Andreas
>
> On 06/16/2016 06:27 AM, Jayapal Reddy wrote:
> > Hi,
> >
> > I am using strongswan ipsec 4.5.2. In this version multiple right
> > subnets with comma (,) separated is working only for the first subnet.
> > We have  setup where up upgraded from openswan to strongswan. In this
> > setup only first right subnet is working.
> > We are using left right debain virtual router and right side Juniper SRX
> > and we are using ikev1. We can't split that into multiple connections
> > because right side Juniper srx config can't be changed because it is in
> > customer location.
> >
> > Can some one suggest us how to resolve this. Is there patch available
> > for this ?
> > I have tried strongswan 5.2 from backports. in this setup my tunnel is
> > not coming up.
> >
> > It is bit urgent, your inputs are highly appreciated.
> >
> > Thanks,
> > Jayapal
> >
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160616/fdaf37a7/attachment.html>

More information about the Dev mailing list