[strongSwan] "ipsec status" shows unexpected output

Meera Sudhakar mira.sudhakar at gmail.com
Fri Sep 9 12:33:05 CEST 2011

Hi Andreas,

Thanks a lot for the info. It is now working fine and the traffic can be
sent either through tunnel1 or 2.

Thanks and regards,

On Thu, Sep 8, 2011 at 11:39 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Meera,
> with certificates you'll need two different certificates, unless
> you add two subjectAltNames to a common certificate.
> With preshared-keys you could use the same key for both IDs.
> Regards
> Andreas
> On 09/08/2011 09:09 AM, Meera Sudhakar wrote:
>> Hi Andreas,
>> Ok. I checked the example you mentioned. So now I need to have different
>> leftid and rightid for each of the tunnels.
>> You had mentioned that "The draw back is that two IKE SAs including
>> authentication must be set up." Does this mean that we need separate
>> keys and certificates for each tunnel? In other words, what will the
>> content of the folders /etc/ipsec.d/certs and /etc/ipsec.d/private be?
>> Sorry, but I just find it a bit confusing because from my understanding,
>> the identities are included in the peer cert creation, So if I'll need
>> two identities on each end-point, I'll need two keys/certs as well.
>> Could you please help me understand this better?
>> Thanks and regards,
>> Meera
>  ==============================**==============================**
> ==========
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ==============================**=============================[**ITA-HSR]==
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110909/394625ce/attachment.html>

More information about the Users mailing list