[strongSwan] swanctl.conf - How to create unique CHILD_SA(s) for different local_ts and remote_ts ?
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Oct 1 18:14:47 CEST 2021
Hi Arvind,
> What am I doing wrong ?
You're not reading logs. That's what you're doing wrong.
Please follow the HelpRequests[1] article on the wiki.
Kind regards
Noel
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
On 01.10.21 at 18:10, Arvind Agaranallur Ganesan wrote:
> Hello Folks,
>
> I am trying to create a unique CHILD_SA for a combination of local_ts and remote_ts - here is my configuration file -
>
> =============================
> connections {
>     transport {
>         remote_addrs = 10.168.0.7
>         version = 2
>         proposals = default
>
>         local {
>             id = "transport"
>             auth = psk
>         }
>         remote {
>             id = "transport"
>             auth = psk
>         }
>
>         children {
>             transport-tcp {
>                 local_ts = 192.168.0.1/32
>                 remote_ts = 192.168.0.2/32
>                 mode = transport
>                 start_action = start
>             }
>             transport-tcp-2 {
>                 local_ts = 192.168.0.3/32
>                 remote_ts = 192.168.0.4/32
>                 mode = transport
>                 start_action = start
>             }
>         }
>     }
> }
> secrets {
>     ike-1 {
>         secret = "xxxxx"
>     }
> }
> =============================
>
> I can see the CHILD_SA only for 192.168.0.1/32 ====== 192.168.0.2/32 but not the other CHILD_SA for 192.168.0.3/32 ====== 192.168.0.4/32. What am I doing wrong ?
>