[strongSwan] Multiple tunnels between two endpoints
Dirk Hartmann
dha at heise.de
Tue Jan 8 09:11:23 CET 2013
--On Tuesday, January 08, 2013 11:30:00 AM +0330 Ali Masoudi
<masoudi1983 at gmail.com> wrote:
> Thank you Dirk for your answer,
>
> But what about ikev1 connections? I think using multiple subnets in
> one connection is acceptable in ikev2. If I'm wrong, correct me
> please.
No, that is correct.
"IKEv2 supports multiple subnets separated by commas, IKEv1 only
interprets the first subnet of such a definition, unless the Cisco
Unity extension plugin is enabled (available since 5.0.1)."
<http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection>
> I use "reuse_ikesa = no" for a while and I have no problem, but in the
> last week, I started to work with heartbeat service from linux-ha, and
> in the failover occasions, after I bring up the virtual ip address
> related service (I have written) for ipsec, I had a few problems to
> bring up some tunnels. But when I use "reuse_ikesa = yes", the
> problems were solved.
Could it be a timing problem? I assume that initiating a full IKE_SA
takes more time than just a CHILD_SA.
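
The subnet handling quoted from the wiki above, shown as an ipsec.conf sketch. This is an added example, not part of the original message or the strongSwan documentation; the conn names, addresses and subnets are constructed placeholders, and the two alternatives are not meant to be loaded together.

```conf
# /etc/ipsec.conf (constructed example; all addresses and names are placeholders)

conn %default
    left=192.0.2.1
    right=198.51.100.1
    authby=secret
    auto=add

# Alternative A, IKEv2: one conn negotiates all subnets,
# given as a comma-separated list.
conn site-ikev2
    keyexchange=ikev2
    leftsubnet=10.1.0.0/24,10.2.0.0/24
    rightsubnet=10.10.0.0/24,10.20.0.0/24

# Alternative B, IKEv1 without the Cisco Unity plugin: only the first
# subnet of a list is interpreted, so a list like the one above would
# leave 10.2.0.0/24 and 10.20.0.0/24 without a tunnel.
# Define one conn per subnet pair instead.
conn site-ikev1-net1
    keyexchange=ikev1
    leftsubnet=10.1.0.0/24
    rightsubnet=10.10.0.0/24

conn site-ikev1-net2
    keyexchange=ikev1
    leftsubnet=10.2.0.0/24
    rightsubnet=10.20.0.0/24
```

After bringing the connections up, `ipsec statusall` lists the traffic selectors that were actually installed, which shows whether every intended subnet pair is covered.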