[strongSwan] Can a route based VPN instance, and a policy based VPN instance, coexist on the same box?

Thomas Leavitt thomas at 880itservices.com
Fri Mar 17 06:29:01 CET 2017


A client has an existing strongSwan VPN installation that bridges two
sites. They are attempting to set up a second site to site VPN connection
to an external partner that uses a Juniper VPN/firewall box and has what
sounds like a route based ipsec VPN set up. We've set up our side using a
policy based VPN configuration, and the connection between the two sites
itself seems to be working (authentication is completed), but traffic is
not flowing over the VPN connection. The other party is convinced that this
is a routing issue on our side, but my read of the Wiki says different,
that a VTI interface is not necessary (unless they are using GRE, which
they've not indicated is the case) as routing is done in the kernel.

I've been assembling resources to address the problem after being brought
in late in the process. One of the questions we're trying to determine is,
as mentioned in the subject, whether we can safely have a GRE (if that's what
they're running) VPN and an ipsec policy based VPN coexist on the same box.
Any advice on the matter would be appreciated, or referrals to good
documentation and troubleshooting guides.

-- 
880 IT Services
w. http://www.880itservices.com
e. thomas at 880itservices.com
p. 831-469-3382