[strongSwan] Can a route based VPN instance, and a policy based VPN instance, coexist on the same box?
Noel Kuntze
noel at familie-kuntze.de
Fri Mar 17 10:49:18 CET 2017
Hello Thomas,
On 17.03.2017 06:29, Thomas Leavitt wrote:
> The other party is convinced that this is a routing issue on our side, but my read of the Wiki says different, that a VTI interface is not necessary
> (unless they are using GRE, which they've not indicated is the case) as routing is done in the kernel.
Routing is always done in the kernel, so that sentence holds no information or argument.
> I've been assembling resources to address the problem after being brought in late in the process. One of the questions we're trying to determine is,
> as mentioned in the subject, we can safely have a GRE (if that's what they're running) VPN and an ipsec policy based VPN coexist on the same box.
General answer: Yes.
Special answer: Depends on if you have IP numbering conflicts or not, if you have any special setups with BGP or something else, ...
Please follow the wiki page about requesting help[1]. Nearly all possible issues regarding strongSwan have already been at least discussed or already solved
at this point in time, so you will most likely find information that helps you with your problem. As a last resort, come back here and provide the information
as described on the wiki page[1].
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170317/f94b5039/attachment.sig>
More information about the Users
mailing list