[strongSwan] "ipsec status" shows unexpected output
mira.sudhakar at gmail.com
Fri Sep 9 12:33:05 CEST 2011
Thanks a lot for the info. It is now working fine and the traffic can be
sent either through tunnel1 or 2.
Thanks and regards,
On Thu, Sep 8, 2011 at 11:39 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> Hi Meera,
> with certificates you'll need two different certificates, unless
> you add two subjectAltNames to a common certificate.
> With preshared-keys you could use the same key for both IDs.
> On 09/08/2011 09:09 AM, Meera Sudhakar wrote:
>> Hi Andreas,
>> Ok. I checked the example you mentioned. So now I need to have different
>> leftid and rightid for each of the tunnels.
>> You had mentioned that "The draw back is that two IKE SAs including
>> authentication must be set up." Does this mean that we need separate
>> keys and certificates for each tunnel? In other words, what will the
>> content of the folders /etc/ipsec.d/certs and /etc/ipsec.d/private be?
>> Sorry, but I just find it a bit confusing because from my understanding,
>> the identities are included in the peer cert creation, So if I'll need
>> two identities on each end-point, I'll need two keys/certs as well.
>> Could you please help me understand this better?
>> Thanks and regards,
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users