Hi, We are using the strongswan 4.2.8 stack. for IKEv2(charon).
I have a query regarding the initial configuration and update of IKEv2 daemon using IpSec.conf file: In case I need to create a tunnel with multiple child SAs, Is it possible to configure the IpSec.conf to acheive the same. If yes then how ? To explain the problem in detail, lets consider the following Scenario: As per my understanding following configuration in ipsec.conf 1.) Creates an IKE SA with tunnel IPs as 10.118.209.204 and 10.3.5.218, and 2.) Creates 1 child SA with inner IPs as 10.0.3.1 and 10.0.3.2 conn xyz rightsubnet=10.3.5.218/16 authby=psk right=10.3.5.218 left=10.118.209.204 leftsourceip=10.0.3.1 rightsourceip=10.0.3.2 ike=aes128-sha1-modp2048! esp=aes128-sha1-modp2048! leftsubnet=10.118.209.204/16 auto=add So, instead of creating one CHILD SA i want to create mulitple child SA using the same tunnel configuration(10.118.209.204 and 10.3.5.218), then what are the modification required in IpSec.conf file to acheive the same. Do i need to add multiple set of "left" and "right" values for each desired CHILD SA under the same connection "xyz". Is this supported? Would really appreciate your help. Thanks Regards Sajal _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users