Just use IKEv2 then you can have concatenated subnets.
Andreas On 17.06.2016 07:03, Jayapal Reddy wrote:
Hi Andreas, Any ideas on managing it as single vpn connection ? Thanks, Jayapal On Thu, Jun 16, 2016 at 3:05 PM, Jayapal Reddy <[email protected] <mailto:[email protected]>> wrote: Hi Andreas, Thanks for you reply. Earlier we were using openswan where in the config 'keyexchange=ike' is set (which is ikev1 correct me if I am wrong). In openswan multiple subnets with comma separated worked. In strongswan if we setup connection for each subnet, a separate tunnel will be created for each connection. For connection status, bring up/down we need to do on each connection. Earlier in openswan we used to manage as single connection. Is there any way to manage it as single vpn connection or tunnel ? Thanks, Jayapal On Thu, Jun 16, 2016 at 1:20 PM, Andreas Steffen <[email protected] <mailto:[email protected]>> wrote: Hi Jayapal, The IKEv1 protocol does not support comma-separated subnets, so your problem is independent of the strongSwan version. You must set up a separate connection definition for each subnet. Regards Andreas On 06/16/2016 06:27 AM, Jayapal Reddy wrote: > Hi, > > I am using strongswan ipsec 4.5.2. In this version multiple right > subnets with comma (,) separated is working only for the first subnet. > We have setup where up upgraded from openswan to strongswan. In this > setup only first right subnet is working. > We are using left right debain virtual router and right side Juniper SRX > and we are using ikev1. We can't split that into multiple connections > because right side Juniper srx config can't be changed because it is in > customer location. > > Can some one suggest us how to resolve this. Is there patch available > for this ? > I have tried strongswan 5.2 from backports. in this setup my tunnel is > not coming up. > > It is bit urgent, your inputs are highly appreciated. > > Thanks, > Jayapal > ====================================================================== Andreas Steffen [email protected] <mailto:[email protected]> strongSwan - the Open Source VPN Solution! www.strongswan.org <http://www.strongswan.org> Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
-- ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
