[strongSwan-dev] [strongSwan] strongswan 4.5.2 multiple right subnets
Andreas Steffen
andreas.steffen at strongswan.org
Fri Jun 17 05:42:48 CEST 2016
Just use IKEv2 then you can have concatenated subnets.
Andreas
On 17.06.2016 07:03, Jayapal Reddy wrote:
> Hi Andreas,
>
> Any ideas on managing it as single vpn connection ?
>
> Thanks,
> Jayapal
>
> On Thu, Jun 16, 2016 at 3:05 PM, Jayapal Reddy <jayapalatiiit at gmail.com
> <mailto:jayapalatiiit at gmail.com>> wrote:
>
> Hi Andreas,
>
> Thanks for you reply.
> Earlier we were using openswan where in the config 'keyexchange=ike'
> is set (which is ikev1 correct me if I am wrong). In openswan
> multiple subnets with comma separated worked.
>
> In strongswan if we setup connection for each subnet, a separate
> tunnel will be created for each connection. For connection status,
> bring up/down we need to do on each connection. Earlier in openswan
> we used to manage as single connection.
>
> Is there any way to manage it as single vpn connection or tunnel ?
>
> Thanks,
> Jayapal
>
>
>
> On Thu, Jun 16, 2016 at 1:20 PM, Andreas Steffen
> <andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>> wrote:
>
> Hi Jayapal,
>
> The IKEv1 protocol does not support comma-separated subnets, so your
> problem is independent of the strongSwan version. You must set up a
> separate connection definition for each subnet.
>
> Regards
>
> Andreas
>
> On 06/16/2016 06:27 AM, Jayapal Reddy wrote:
> > Hi,
> >
> > I am using strongswan ipsec 4.5.2. In this version multiple right
> > subnets with comma (,) separated is working only for the
> first subnet.
> > We have setup where up upgraded from openswan to strongswan.
> In this
> > setup only first right subnet is working.
> > We are using left right debain virtual router and right side
> Juniper SRX
> > and we are using ikev1. We can't split that into multiple
> connections
> > because right side Juniper srx config can't be changed
> because it is in
> > customer location.
> >
> > Can some one suggest us how to resolve this. Is there patch
> available
> > for this ?
> > I have tried strongswan 5.2 from backports. in this setup my
> tunnel is
> > not coming up.
> >
> > It is bit urgent, your inputs are highly appreciated.
> >
> > Thanks,
> > Jayapal
> >
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> <http://www.strongswan.org>
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160617/b6a9e24e/attachment-0001.bin>
More information about the Dev
mailing list