I’m trying to set up multiple IPsec VTIs between two peers, but I haven’t been
able to have both connections up at the same time.
I have two Linux boxes on my local network that I’m trying to configure to
connect to a single AWS instance. The route-based VPN
functionality works great when there is only one tunnel present, but fails
when there are two. Of note, the negotiation succeeds;
however, I’m only able to ping across one of the tunnels.
A visualization of the scenario is as follows:

1.2.3.4
HOST 1 <———\
            \———\
                 \———\
                      \———> 5.6.7.8
                            AWS Instance
                      /———>
                 /———/
1.2.3.4     /———/
HOST 2 <———/

where the public IP address of my network is 1.2.3.4 and the public IP address
of the AWS instance is 5.6.7.8. The two hosts on my local network have
unique private IP addresses on the same subnet. The AWS instance has a single
private IP address.
I’ve played around with a handful of configuration options to no avail.
‘vti-shared=yes’ doesn’t give me the functionality I need — I want unique
tunnels for each connection.
I know OpenVPN allows this, but I’m wondering if such a configuration is
possible with Libreswan. Let me know if this is currently not supported, if
you think it might be and need more information, or if there is some
configuration trick you’ve found successful in accomplishing something similar.
Thanks!
--
cm
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan