Hi Mark,

> This is bad news. I am trying to set up my strongSwan gateway to have
> multiple connections. Some connections will be for site-to-site
> configs and others will be for my mobile roadwarrior clients.
> ...
> Are there any tips or tricks I could use?

One thing you could do is to configure the hostname or IP address of the other peer with right= for the site-to-site configs, then list the roadwarrior config last in ipsec.conf.

Also, the selected config can be switched later based on the identity of the other peer, so for site-to-site configs you can configure rightid=<idofpeer> to force a specific config for a peer.

And since the default IKE proposal includes all supported algorithms, the roadwarrior config should also work for site-to-site tunnels during the first phase if you don't configure ike=, and it allows the other peer to force a specific proposal by adding a ! at the end of its ike= line (e.g. ike=aes128-sha256-ecp256!).

Regards,
Tobias
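
The layout described in the reply above, as an added example that is not part of the original message. All connection names, addresses, subnets, identities and the certificate file are constructed placeholders, and certificate authentication is an assumption.

```conf
# ipsec.conf on the gateway (constructed example, placeholder values)

conn %default
    left=192.0.2.1                # gateway's public address (placeholder)
    leftid=@gw.example.org        # gateway identity (placeholder)
    leftcert=gwCert.pem           # assumes certificate authentication
    leftsubnet=10.1.0.0/16

# Site-to-site tunnel: right= pins the peer's address so this config is
# preferred for that peer, and rightid= forces this config for the
# peer's identity once it has authenticated.
conn site-branch
    right=198.51.100.7
    rightid=@branch.example.org
    rightsubnet=10.2.0.0/16
    auto=start

# Roadwarrior config, listed last: accepts any source address.
# No ike= line here, so the default IKE proposal is offered and
# accepted during the first phase, before the config is switched
# on the basis of the peer's identity.
conn roadwarrior
    right=%any
    rightsourceip=10.3.0.0/24     # virtual IP pool for clients (placeholder)
    auto=add

# On the remote site-to-site peer (not on this gateway), a strict
# proposal can be forced with a trailing "!":
#     ike=aes128-sha256-ecp256!
```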
