Hi,
We are using the strongswan 4.2.8 stack. for IKEv2(charon).
I have a query regarding the initial configuration and update of IKEv2 daemon
using IpSec.conf file:
In case I need to create a tunnel with multiple child SAs, Is it
possible to configure the IpSec.conf to acheive the same. If yes then
how ?
To explain the problem in detail, lets consider the following Scenario:
As per my understanding following configuration in ipsec.conf 1.)
Creates an IKE SA with tunnel IPs as 10.118.209.204 and 10.3.5.218,
and 2.) Creates 1 child SA with inner IPs as 10.0.3.1 and 10.0.3.2
conn xyz
rightsubnet=10.3.5.218/16
authby=psk
right=10.3.5.218
left=10.118.209.204
leftsourceip=10.0.3.1
rightsourceip=10.0.3.2
ike=aes128-sha1-modp2048!
esp=aes128-sha1-modp2048!
leftsubnet=10.118.209.204/16
auto=add
So, instead of creating one CHILD SA i want to create mulitple child
SA using the same tunnel configuration(10.118.209.204 and 10.3.5.218),
then what are the modification required in IpSec.conf file to acheive
the same.
Do i need to add multiple set of "left" and "right" values for each
desired CHILD SA under the same connection "xyz".
Is this supported?
Would really appreciate your help.
Thanks
Regards
Sajal
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
