[strongSwan] multiple phase 2 versus single phase 2 tunnel to strongswan

Sach K sacho.polo at gmail.com
Mon Apr 21 10:21:42 CEST 2014


When testing with some firewalls with a strongSwan VPN gateway, I noticed
that some firewalls create multiple phase 2 tunnels, based on the
destination port (due to how the FW VPN configuration is structured), while
some FWs create one tunnel and send all traffic on that. And some FWs can be
configured either way. Is there an advantage of one versus another, i.e.
creating one phase 2 for all traffic versus creating one for each service?

Since strongSwan is handling tunnels from multiple FWs, would it be better
for performance reasons to have one tunnel (fewer lookups, fewer tunnels to
rekey, etc.)?
