[strongSwan] Multiple connections - parameters from first conn are used?

Tobias Brunner tobias at strongswan.org
Mon Sep 24 10:40:40 CEST 2012


Hi Mark,

> This is bad news. I am trying to set up my strongSwan gateway to have
> multiple connections. Some connections will be for site-to-site
> configs and others will be for my mobile roadwarrior clients.
> ...
> Are there any tips or tricks I could use?

One thing you could do is to configure the hostname or IP address of the
other peer with right= for the site-to-site configs, then list the
roadwarrior config last in ipsec.conf.  Also, the selected config can
be switched later based on the identity of the other peer, so for
site-to-site configs you can configure rightid=<idofpeer> to force a
specific config for a peer.  And since the default IKE proposal includes
all supported algorithms the roadwarrior config should also work for
site-to-site tunnels during the first phase if you don't configure ike=
and it allows the other peer to force a specific proposal by adding a !
at the end of its ike= line (e.g. ike=aes128-sha256-ecp256!).

Regards,
Tobias
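An ipsec.conf laid out along the lines suggested in the reply above, as an added illustration rather than a file from the original thread; the hostnames, addresses, subnets, certificate name and identities are constructed placeholders.

```ini
# Constructed example ipsec.conf for the gateway: site-to-site conns come
# first, each pinned to its peer by right= and rightid=, roadwarrior last.
config setup

conn %default
    keyexchange=ikev2
    leftcert=gatewayCert.pem        # placeholder certificate file
    leftid=@gw.example.org          # placeholder gateway identity
    # No ike= line anywhere: the default IKE proposal contains all
    # supported algorithms, so every peer can pick its own.
    auto=add

conn site-a
    right=sitea.example.net         # peer hostname, used for the first match
    rightid=@sitea.example.net      # identity lets the config switch later
    leftsubnet=10.0.0.0/24
    rightsubnet=10.1.0.0/24

conn site-b
    right=203.0.113.7               # placeholder peer address
    rightid=@siteb.example.net
    leftsubnet=10.0.0.0/24
    rightsubnet=10.2.0.0/24

conn roadwarrior
    # Listed last: right=%any only catches peers no earlier conn matched.
    right=%any
    leftsubnet=0.0.0.0/0
    rightsourceip=10.99.0.0/24      # placeholder virtual IP pool
    rightauth=eap-mschapv2
    eap_identity=%any
```

A site-to-site peer that wants a particular proposal appends `!` to the ike= line in its own ipsec.conf (e.g. `ike=aes128-sha256-ecp256!`), which the gateway's default proposal can still satisfy.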
