[strongSwan] Multiple tunnels between two endpoints
Dirk Hartmann
dha at heise.de
Mon Jan 7 12:22:07 CET 2013
Hi Ali,
--On Monday, January 07, 2013 02:39:55 PM +0330 Ali Masoudi
<masoudi1983 at gmail.com> wrote:
> I have a simple question, and I would be grateful if anyone could
> answer it.
>
> If we want to establish multiple tunnels between two endpoints, is it
> recommended to use the "reuse_ikesa = no" option in strongswan.conf?
>
> I figured out in my tests that it is better to use the default config.
> Am I right? What is the application of reuse_ikesa option? Thanks a
> lot.
If you set reuse_ikesa = no there will be a new IKE_SA for every
CHILD_SA.
Normally it is ok to have one IKE_SA with more CHILD_SAs.
Handling is a little bit easier if you want to stop/start single
CHILD_SAs.
Do the different tunnels run to the same net on one side? Then you
could enable them in a single tunnel.
Example:

    rightsubnet=192.168.1.0/25
    leftsubnet=10.0.0.0/8,172.16.1.0/24,172.16.2.0/24,172.31.0.0/16
Best Regards
Dirk
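
The two layouts discussed in this thread, written out as an ipsec.conf example added here (not taken from either post). The peer addresses, conn names and PSK authentication are constructed assumptions; the subnets are the ones from the reply above.

```conf
# ipsec.conf (constructed example)
# Assumed values: peers 192.0.2.1 / 198.51.100.1, conn names, authby=secret.

# Shared IKE-level settings. No auto= here, so this section is only a
# template and is never loaded as a connection of its own.
conn site-base
    keyexchange=ikev2
    left=192.0.2.1
    right=198.51.100.1
    authby=secret
    rightsubnet=192.168.1.0/25

# Layout 1: one conn per tunnel. Both sections have identical IKE-level
# settings, so with the default reuse_ikesa = yes their CHILD_SAs are
# negotiated under a single IKE_SA between the two peers.
conn net-10
    also=site-base
    leftsubnet=10.0.0.0/8
    auto=start

conn net-172-16-1
    also=site-base
    leftsubnet=172.16.1.0/24
    auto=start

# Layout 2: one conn carrying all local subnets, as in the reply above.
# A comma-separated subnet list needs IKEv2; IKEv1 allows one subnet
# per side in a CHILD_SA. Use this instead of layout 1, not alongside it.
#conn all-nets
#    also=site-base
#    leftsubnet=10.0.0.0/8,172.16.1.0/24,172.16.2.0/24,172.31.0.0/16
#    auto=start

# The non-default behaviour asked about lives in strongswan.conf:
#   charon {
#       reuse_ikesa = no    # new IKE_SA for every CHILD_SA
#   }
```

After loading, `ipsec statusall` lists each IKE_SA with the CHILD_SAs under it, which shows whether the tunnels share one IKE_SA or each have their own.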