[strongSwan] strongswan 4.5.2 multiple right subnets

Jayapal Reddy jayapalatiiit at gmail.com
Fri Jun 17 07:03:51 CEST 2016 

Hi Andreas,

Any ideas on managing it as single vpn connection ?

Thanks,
Jayapal

On Thu, Jun 16, 2016 at 3:05 PM, Jayapal Reddy <jayapalatiiit at gmail.com>
wrote:

> Hi Andreas,
>
> Thanks for you reply.
> Earlier we were using openswan where in the config 'keyexchange=ike' is
> set (which is ikev1 correct me if I am wrong). In openswan multiple subnets
> with comma separated worked.
>
> In strongswan if we setup connection for each subnet, a separate tunnel
> will be created for each connection. For connection status, bring up/down
> we need to do on each connection. Earlier in openswan we used to manage as
> single connection.
>
> Is there any way to manage it as single vpn connection or tunnel ?
>
> Thanks,
> Jayapal
>
>
>
> On Thu, Jun 16, 2016 at 1:20 PM, Andreas Steffen <
> andreas.steffen at strongswan.org> wrote:
>
>> Hi Jayapal,
>>
>> The IKEv1 protocol does not support comma-separated subnets, so your
>> problem is independent of the strongSwan version. You must set up a
>> separate connection definition for each subnet.
>>
>> Regards
>>
>> Andreas
>>
>> On 06/16/2016 06:27 AM, Jayapal Reddy wrote:
>> > Hi,
>> >
>> > I am using strongswan ipsec 4.5.2. In this version multiple right
>> > subnets with comma (,) separated is working only for the first subnet.
>> > We have  setup where up upgraded from openswan to strongswan. In this
>> > setup only first right subnet is working.
>> > We are using left right debain virtual router and right side Juniper SRX
>> > and we are using ikev1. We can't split that into multiple connections
>> > because right side Juniper srx config can't be changed because it is in
>> > customer location.
>> >
>> > Can some one suggest us how to resolve this. Is there patch available
>> > for this ?
>> > I have tried strongswan 5.2 from backports. in this setup my tunnel is
>> > not coming up.
>> >
>> > It is bit urgent, your inputs are highly appreciated.
>> >
>> > Thanks,
>> > Jayapal
>> >
>> ======================================================================
>> Andreas Steffen                         andreas.steffen at strongswan.org
>> strongSwan - the Open Source VPN Solution!          www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160617/7267f7fe/attachment.html>

More information about the Users mailing list