[strongSwan] "ipsec status" shows unexpected output
Meera Sudhakar
mira.sudhakar at gmail.com
Fri Sep 9 12:33:05 CEST 2011
Hi Andreas,
Thanks a lot for the info. It is now working fine and the traffic can be
sent either through tunnel1 or 2.
Thanks and regards,
Meera
On Thu, Sep 8, 2011 at 11:39 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> Hi Meera,
>
> with certificates you'll need two different certificates, unless
> you add two subjectAltNames to a common certificate.
> With preshared-keys you could use the same key for both IDs.
>
> Regards
>
> Andreas
>
>
> On 09/08/2011 09:09 AM, Meera Sudhakar wrote:
>
>> Hi Andreas,
>> Ok. I checked the example you mentioned. So now I need to have different
>> leftid and rightid for each of the tunnels.
>> You had mentioned that "The draw back is that two IKE SAs including
>> authentication must be set up." Does this mean that we need separate
>> keys and certificates for each tunnel? In other words, what will the
>> content of the folders /etc/ipsec.d/certs and /etc/ipsec.d/private be?
>> Sorry, but I just find it a bit confusing because from my understanding,
>> the identities are included in the peer cert creation, So if I'll need
>> two identities on each end-point, I'll need two keys/certs as well.
>> Could you please help me understand this better?
>> Thanks and regards,
>> Meera
>>
>>
> ==============================**==============================**
> ==========
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ==============================**=============================[**ITA-HSR]==
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110909/394625ce/attachment.html>
More information about the Users
mailing list