[strongSwan] Configure multiple transports between 2 machines
Manu S. Keshava
manu at chelsio.com
Mon Nov 7 13:22:10 CET 2016
Hi Strongswan users,
[Machine_A] <------> [Machine_B]
10.1.1.151/24        10.1.1.203/24
10.4.4.151/24        10.4.4.203/24
I have two machines connected back-to-back using a single-port NIC, as above. I have configured and installed strongSwan on both machines.
The machines also have an IP alias configured on the interface (10.4.4.x network).
This is the ipsec.conf file on Machine_A and Machine_B.
CONF FILE from Machine_A
-------------------------
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn %default
    ikelifetime=60m
    keylife=20m
    esp=aes128ccm64
    aggressive=no
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn machA_machB
    left=10.1.1.151
    leftcert=host2Cert.der
    leftid="C=CH, O=Strongswan, CN=host1"
    leftfirewall=no
    right=10.1.1.203
    rightid="C=CH, O=Strongswan, CN=host2"
    type=transport
    auto=add

conn machA_machB_2
    left=10.4.4.151
    leftcert=host2Cert.der
    leftid="C=CH, O=Strongswan, CN=host1"
    leftfirewall=no
    right=10.4.4.203
    rightid="C=CH, O=Strongswan, CN=host2"
    type=transport
    auto=add
CONF FILE from Machine_B
-------------------------
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn %default
    ikelifetime=60m
    keylife=20m
    esp=aes128ccm64
    aggressive=no
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn machA_machB
    left=10.1.1.203
    leftcert=host2Cert.der
    leftid="C=CH, O=Strongswan, CN=host2"
    leftfirewall=no
    right=10.1.1.151
    rightid="C=CH, O=Strongswan, CN=host1"
    type=transport
    auto=add

conn machA_machB_2
    left=10.4.4.203
    leftcert=host2Cert.der
    leftid="C=CH, O=Strongswan, CN=host2"
    leftfirewall=no
    right=10.4.4.151
    rightid="C=CH, O=Strongswan, CN=host1"
    type=transport
    auto=add
When I bring up conn "machA_machB", it is successful, and I verified the same with "ipsec status".
I tried to ping over "10.1.1.X" and it was encapsulated.
Now, if I try to bring up conn "machA_machB_2", it removes the first connection.
What changes are required to get both of them working at the same time?
Thanks
Manu
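A small check, added here as an example and not part of the original post, for the pattern in the two ipsec.conf files above: it parses a constructed copy of the Machine_A config and reports conn sections that share the same leftid/rightid pair while uniqueids is left at its default of yes, the condition under which strongSwan treats a newer IKE_SA with the same peer identities as a replacement for the older one. The sample configuration and the function names are constructed for this example.

```python
import re
# Constructed sample modelled on the Machine_A ipsec.conf posted above.
SAMPLE_CONF = """\
config setup
    # uniqueids = no
conn %default
    keyexchange=ikev2
conn machA_machB
    left=10.1.1.151
    leftid="C=CH, O=Strongswan, CN=host1"
    right=10.1.1.203
    rightid="C=CH, O=Strongswan, CN=host2"
conn machA_machB_2
    left=10.4.4.151
    leftid="C=CH, O=Strongswan, CN=host1"
    right=10.4.4.203
    rightid="C=CH, O=Strongswan, CN=host2"
"""

def parse_ipsec_conf(text):
    """Return ('config setup' dict, {conn name: settings with %default merged})."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments; indentation optional
        if not line:
            continue
        m = re.match(r"^(config|conn)\s+(\S+)$", line)
        if m:                                  # new section header
            current = (m.group(1), m.group(2))
            sections.setdefault(current, {})
        elif current and "=" in line:          # key=value inside a section
            key, value = (s.strip() for s in line.split("=", 1))
            sections[current][key] = value.strip('"')
    default = sections.get(("conn", "%default"), {})
    conns = {name: {**default, **opts} for (kind, name), opts in sections.items()
             if kind == "conn" and name != "%default"}
    return sections.get(("config", "setup"), {}), conns

def find_colliding_conns(text):
    """Group conns by (local identity, remote identity). Conns sharing a pair
    authenticate as the same peers, so with uniqueids at its default (yes)
    strongSwan replaces the older IKE_SA when the newer one is established."""
    setup, conns = parse_ipsec_conf(text)
    if setup.get("uniqueids", "yes") in ("no", "never"):
        return {}                              # replacement disabled
    groups = {}
    for name, c in conns.items():
        ident = (c.get("leftid", c.get("left")), c.get("rightid", c.get("right")))
        groups.setdefault(ident, []).append(name)
    return {ident: names for ident, names in groups.items() if len(names) > 1}
```

Running find_colliding_conns on the real file (for example via open("/etc/ipsec.conf").read()) lists each set of conns that will displace one another; an empty result means either the identities differ or uniqueids has been set to no.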