[strongSwan] SAs and Split Tunneling

Dusan Ilic dusan at comhem.se
Tue May 16 18:58:36 CEST 2017

Ikev1 only support one TS if i recall correctly.

---- Tobias Koeck skrev ----

>I use StrongSwan 5.5.1 and checked out a RoadWarrior Scenario with a Linux
>Client connecting to a Router. On the Router side there are three SAs with
>the nets, and
>The connection with StrongSwan works but it will only register the first
>network ( in the iptables routing and in StrongSwan. I want
>to register all three networks in the routing as split tunneling and want
>to have the rest over the local Internet connection.
>I have checked the logs and have read the split tunneling manual but
>haven't found the problem so far.
>How do I do that? Do I have generate the additional routing manually?
>Greetings and thanks
>ipsec.conf configuration
>conn vpn_tko
>        authby=xauthpsk
>        keyexchange=ikev1
>        aggressive=yes
>        ikelifetime=24h
>        ike=aes256-sha1-modp2048!
>        esp=aes256-sha1-modp2084!
>        lifetime=1h
>        left=%any
>        leftid=some at email.blubb.com
>        leftsourceip=%config
>        leftauth=psk
>        leftauth2=xauth
>        leftfirewall=yes
>        right=$router_IP
>        rightid=router
>        rightsubnet=,,
>        #rightsubnet=%dynamic
>        rightauth=psk
>        xauth_identity=vpn_connection
>        auto=add
>ipsec status
>Security Associations (1 up, 0 connecting):
>     vpn_connection[3]: ESTABLISHED 74 seconds ago,[
>tsome at email.blubb.com]...redacted_router_ip[redacted_router_IP]
>     vpn_connection{3}:  INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs:
>c367acb2_i 940c8364_o
>     vpn_connection{3}: ===
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170516/dddec3a8/attachment.html>

More information about the Users mailing list