[strongSwan] virtual IP configuration with traffic seperation not working

[prasobh.s25 at wipro.com]

Hi ,

I am trying to configure two IPSec tunnels for icmp and udp. My configuration is as below

conn %default
l    leftcert=cert.pem
    leftid="local"
    rightid="remote"
    leftfirewall=yes
    right=10.222.191.83
    rightsubnet=10.222.190.40/32
    left=10.222.191.42
    leftsourceip=10.222.0.1
    auto=add
conn home
    leftprotoport=icmp
    rightprotoport=icmp
conn home2
    leftprotoport=udp
    rightprotoport=udp

When I give 'ipsec up home' connection home is successfully established(child sa created). But then when I tryto establish second connection by giving 'ipsec up home2' it fails with TS Unacceptable error on gateway( traffic selectors 10.222.190.40/32[udp/65535]===0.0.0.0/0[udp/17383] inacceptable. Even if I give command to up the home2 , the connection fails with same error

This problem is not there when I use leftsubnet instead of leftsourceip. It seems that when leftsourceip is used , peer selects the first connection automatically.

Am I doing anything wrong here ? or is it a known issue ?

Best Regards,
Prasobh


The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com