[strongSwan] StrongSwan - difference encryption domain

Pawel Grzesik pawel.grzesik at brainstorm.co.uk
Sat Nov 9 08:53:43 CET 2013 

Hi

leftid and righted is something else. 
What I'm trying to say is to have 2 different password for two different tunnels but with the same peers.

Lets say I have two tunnels.

conn net1
        ike=aes256-md5-modp1024!
        esp=aes256-md5!
        left=192.168.1.1
        right=192.168.9.1
        leftsubnet=123.123.123.0/27
        rightsubnet=111.111.111.0/32
        auto=route

conn net2
        ike=aes256-sha1-modp1024!
        esp=aes256-sha1!
        left=192.168.1.1
        right=192.168.9.1
        leftsubnet=124.124.124.0/32
        rightsubnet=2.2.2.2/32
        auto=route

So I have the same peers but different tunnels. How I can setup my ipsec.secret for them if I need to put there peers and PSK ?

I should be something like:
192.168.1.1 192.168.9.1 : PSK "password1" # this should be with leftsubnets 123.123.123.0/27
192.168.1.1 192.168.9.1 : PSK "password2" # this should be with leftsubnets 124.124.124.0/32


Thanks,
Pawel

On 9 Nov 2013, at 06:09, Ali Masoudi <masoudi1983 at gmail.com> wrote:

> Hi
> 
> I think it is possible. you can use different pairs of leftid/rightid.
> 
> Best wishes
> 
> 
> On Fri, Nov 8, 2013 at 5:00 PM, Pawel Grzesik <pawel.grzesik at brainstorm.co.uk> wrote:
> Hi All,
> 
> Just a quick question. Is it possible to have at the ipsec.secret two difference PSK for the same peers but difference tunnels ?
> 
> For example
> PEER_ME PEER_EXTERNAL : PSK "test1"
> PEER_ME PEER_EXTERNAL : PSK "test2"
> 
> I have the same PEER_ME and also PEER_EXTERNAL are also the same IP. The difference is just a PSK and the tunnels. I'm sure it's possible at the cisco, but what about my site witch is on StrongSwan? Anyone?
> 
> Thanks,
> Pawel
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131109/59ffb1ff/attachment.html>

More information about the Users mailing list