On Tue, 17 May 2016, Michael Furman wrote:
> I was able to configure Host-To-Host for the interface eth0 without any problem.
> Also, I was able to create a new pair of certificates for the interface eth1 and configure it using the following commands:
The keys you generated are only used for authentication, not encryption.
Usually, multiple tunnels between two gateways all share the same
authentication. If you have a host-to-host tunnel and you want to add
a net-to-net tunnel using the same gateways, just add a conn and
re-use the same auth information and libreswan will re-use it for both
tunnels.
> I can add a channel, but when I try to "up" it I see the following errors: "multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used".
Secret entries can have an identifier to lock them to a certain IP or
ID. You have two entries that are "default" entries, so it will have
to pick one. The choice is arbitrary, so it warns you.
> The configuration:
>
> conn ha_eth1
>     [email protected]
>     left=172.17.0.1
>     # rsakey AQPe4BcQY
>     leftrsasigkey=0…UQ==
>     [email protected]
>     right=172.17.0.2
>     # rsakey AQPRLsAVt
>     rightrsasigkey=0…szi3
>     authby=rsasig
>     ike=aes256-sha2_256;modp2048
>     phase2alg=aes256-sha2_256;modp2048
>     sha2_truncbug=yes
>     # load and initiate automatically
>     auto=start
>
> 003 "ha_eth1" #11: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12
It looks like the other end also got two entries and picked one you
did not expect on this end?
Paul
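To make the ambiguity Paul describes concrete, here is an added check (not from the thread or from libreswan) that parses ipsec.secrets-style lines and reports which distinct secrets would match a given pair of endpoints. The sample entries, the host names and the simplified matching rule (an entry with no selectors matches any endpoints; an entry with selectors must list both endpoints) are constructed approximations of libreswan's behaviour, not its actual code.

```python
from dataclasses import dataclass

# Constructed sample in the style of ipsec.secrets. A line reads
# "<selectors> : <kind> <secret>"; an empty selector list is a
# "default" entry. The first two lines reproduce the situation in the
# thread: two default RSA entries with different keys.
SAMPLE_SECRETS = """\
: RSA "eth0_hostkey"
: RSA "eth1_hostkey"
# Pinned alternatives: lock each key to the endpoints that use it.
@gw-a.example @gw-b.example : RSA "eth0_hostkey"
172.17.0.1 172.17.0.2 : RSA "eth1_hostkey"
"""

@dataclass
class Entry:
    selectors: tuple   # IDs/IPs the entry is locked to; () means default
    kind: str          # e.g. RSA, PSK
    secret: str        # key name or literal secret

def parse_secrets(text):
    """Parse ipsec.secrets-style lines, ignoring comments and blank lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        left, right = line.split(":", 1)
        kind, _, secret = right.strip().partition(" ")
        entries.append(Entry(tuple(left.split()), kind, secret.strip().strip('"')))
    return entries

def matching(entries, left_id, right_id, kind="RSA"):
    """Entries of the given kind whose selectors cover both endpoints."""
    return [e for e in entries if e.kind == kind
            and (not e.selectors or {left_id, right_id} <= set(e.selectors))]

def distinct_matching_secrets(entries, left_id, right_id):
    """Distinct secrets that match; more than one is the warning condition."""
    return sorted({e.secret for e in matching(entries, left_id, right_id)})

if __name__ == "__main__":
    entries = parse_secrets(SAMPLE_SECRETS)
    hits = distinct_matching_secrets(entries, "172.17.0.1", "172.17.0.2")
    if len(hits) > 1:
        print("ambiguous: multiple distinct secrets match endpoints:", hits)
    pinned = [e for e in entries if e.selectors]
    print("pinned only:", distinct_matching_secrets(pinned, "172.17.0.1", "172.17.0.2"))
```

With the two default entries present, any endpoint pair matches both keys; once each entry is locked to its IDs or IPs, each tunnel resolves to exactly one secret.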
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan