[strongSwan] StrongSwan - difference encryption domain
Pawel Grzesik
pawel.grzesik at brainstorm.co.uk
Sat Nov 9 10:05:17 CET 2013
Ahh right, so then I think I can use leftid and rightid in my ipsec.secret. It makes sense.
I will try that :-)
Thanks,
Pawel
On 9 Nov 2013, at 09:03, Noel Kuntze <noel at familie-kuntze.de> wrote:
> Hello Pawel,
>
> You can indeed use different rightid or leftid pairs to match the different tunnels.
>
> example: use leftid=tunnel1 for tunnel1 and leftid=tunnel2 for tunnel2.
> This works.
>
> Regards
> Noel Kuntze
>
> On 09.11.2013 08:53, Pawel Grzesik wrote:
>> Hi
>>
>> leftid and rightid are something else.
>> What I'm trying to say is to have 2 different passwords for two different tunnels but with the same peers.
>>
>> Let's say I have two tunnels.
>>
>> conn net1
>>     ike=aes256-md5-modp1024!
>>     esp=aes256-md5!
>>     left=192.168.1.1
>>     right=192.168.9.1
>>     leftsubnet=123.123.123.0/27
>>     rightsubnet=111.111.111.0/32
>>     auto=route
>>
>> conn net2
>>     ike=aes256-sha1-modp1024!
>>     esp=aes256-sha1!
>>     left=192.168.1.1
>>     right=192.168.9.1
>>     leftsubnet=124.124.124.0/32
>>     rightsubnet=2.2.2.2/32
>>     auto=route
>>
>> So I have the same peers but different tunnels. How can I set up my ipsec.secret for them if I need to put the peers and PSK there?
>>
>> It should be something like:
>> 192.168.1.1 192.168.9.1 : PSK "password1" # this should be with leftsubnets 123.123.123.0/27
>> 192.168.1.1 192.168.9.1 : PSK "password2" # this should be with leftsubnets 124.124.124.0/32
>>
>>
>> Thanks,
>> Pawel
>>
>> On 9 Nov 2013, at 06:09, Ali Masoudi <masoudi1983 at gmail.com> wrote:
>>
>>> Hi
>>>
>>> I think it is possible. You can use different pairs of leftid/rightid.
>>>
>>> Best wishes
>>>
>>>
>>> On Fri, Nov 8, 2013 at 5:00 PM, Pawel Grzesik <pawel.grzesik at brainstorm.co.uk> wrote:
>>>
>>> Hi All,
>>>
>>> Just a quick question. Is it possible to have in the ipsec.secret two different PSKs for the same peers but different tunnels?
>>>
>>> For example
>>> PEER_ME PEER_EXTERNAL : PSK "test1"
>>> PEER_ME PEER_EXTERNAL : PSK "test2"
>>>
>>> I have the same PEER_ME, and PEER_EXTERNAL is also the same IP. The difference is just the PSK and the tunnels. I'm sure it's possible on the Cisco, but what about my site, which is on StrongSwan? Anyone?
>>>
>>> Thanks,
>>> Pawel
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
>>> https://lists.strongswan.org/mailman/listinfo/users
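The leftid/rightid approach suggested in this thread, written out as an added example (not configuration posted by anyone on the list): each conn carries its own identity pair, and ipsec.secrets keys each PSK on that pair instead of on the shared peer IPs. The ID strings and PSK values are placeholders, authby=secret is an assumption the thread's conns do not show, the remote peer must be configured with the same identities, and the sketch assumes IKEv2, where the peer's identity is available when the PSK is looked up.

```conf
# ipsec.conf (added example; ID strings are hypothetical placeholders)
conn net1
    # ike= / esp= proposals as in the thread's conn net1
    left=192.168.1.1
    right=192.168.9.1
    leftid=@net1.local.example
    rightid=@net1.remote.example
    leftsubnet=123.123.123.0/27
    rightsubnet=111.111.111.0/32
    authby=secret
    auto=route

conn net2
    # ike= / esp= proposals as in the thread's conn net2
    left=192.168.1.1
    right=192.168.9.1
    leftid=@net2.local.example
    rightid=@net2.remote.example
    leftsubnet=124.124.124.0/32
    rightsubnet=2.2.2.2/32
    authby=secret
    auto=route

# ipsec.secrets (added example; keep the file readable by root only)
# Selectors are the identities from leftid/rightid, not the peer IPs,
# so the two tunnels between the same hosts resolve to different keys.
@net1.local.example @net1.remote.example : PSK "placeholder-psk-for-net1"
@net2.local.example @net2.remote.example : PSK "placeholder-psk-for-net2"
```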