[strongSwan] Multiple tunnels between two endpoints
Ali Masoudi
masoudi1983 at gmail.com
Wed Jan 9 07:18:55 CET 2013
Thank you so much Dirk
Maybe it is related to timing, I am going to check that. In that case,
if I bring up tunnels one by one with a slight delay, the problem must
be solved I think.
Best wishes
On Tue, Jan 8, 2013 at 11:41 AM, Dirk Hartmann <dha at heise.de> wrote:
>
>
> --On Tuesday, January 08, 2013 11:30:00 AM +0330 Ali Masoudi
> <masoudi1983 at gmail.com> wrote:
>
>> Thank you Dirk for your answer,
>>
>> But what about ikev1 connections? I think using multiple subnets in
>> one connection is acceptable in ikev2. If I'm wrong, correct me
>> please.
>
> no that is correct.
> "IKEv2 supports multiple subnets separated by commas, IKEv1 only
> interprets the first subnet of such a definition, unless the Cisco
> Unity extension plugin is enabled (available since 5.0.1)."
> <http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection>
>
>> I use "reuse_ikesa = no" for a while and I have no problem, but in the
>> last week, I started to work with hearbeat service from linux-ha, and
>> in the failover occasions, after i bring up the virtual ip address
>> related service (I have written) for ipsec, I had a few problems to
>> bring up some tunnels. But when I use "reuse_ikesa = yes", the
>> problems solved.
>
> could it be a timing-problem? I assume that initiating a full IKE_SA
> takes more time than just a CHILD_SA.
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
More information about the Users
mailing list