It seems that nobody doesn't have any idea about this yet. Is there anybody who also faced this problem before?
On Tue, Oct 9, 2012 at 5:44 PM, Ali Masoudi <[email protected]> wrote: > Hi > > I supposed to think that strongswan supports multiple private keys for > multiple connections, for example in RSA connections. But when I start > ipsec with config file that mentioned below. The configs at other ends > are like this config. But start ipsec, only one of them is established > (the second one in config). If I delete the second one, and restart > ipsec, the first one is established instead. Does anybody have any > idea what is going on? Is this because, we use left=192.168.20.190 for > both tunnels or is because of same IDs on the left side? > > Thanks > Ali Masoudi > > ipsec.conf: > ########################################################### > config setup > uniqueids="no" > > conn %default > keyingtries="0" > leftsendcert="always" > > ########################################################### > conn t-218 > authby="rsasig" > auto="start" > type="tunnel" > compress="no" > rekeymargin="540" > left="192.168.20.190" > leftid="192.168.20.190" > leftsubnet="192.168.214.214/32" > right="192.168.20.218" > rightid="192.168.20.218" > rightsubnet="192.168.50.5/32" > ike="aes128-md5-modp4096" > esp="3des-md5-modp1024" > keylife="3600" > ikelifetime="3600" > leftrsasigkey=/usr/local/etc/ipsec.d/private/local_pub_t-218.pem > > rightrsasigkey="0sAQPGMU0kl6uWdBJRrW93KfYn3rtrim0HRRQCNAVbE9F/8z9wBmdj0gt3EymD//+cC34foHuCbwXB2ikoDb5+9P/IrLDvFcehIP1n7gqXTEbBXoyTDzqDg/TKE84spy2mg22wpaiMXVGw7OrG7ojag70oWVUGf5EBFuwKVuGYegeNFXkMAY4j4SFXAZaaRfChG/BoMAQVkGQ0/oINBjbDsZqfIE5nVp/75KDoimiJ+YRJENU5AnzjxRKgxAs9X96+PnOnIFrj7sAwiIdA8TegOdHINht7GYNFFM7Ab5p2HuTcKCKX7fFUDdpx2hVMrAVjI/Z5OOwjo/99v07J2F1eJBFZ" > > keyexchange="ikev1" > dpdaction = restart > dpddelay = 30s > dpdtimeout = 60s > ########################################################### > conn t-110 > authby="rsasig" > auto="start" > type="tunnel" > compress="no" > rekeymargin="540" > left="192.168.20.190" > leftid="192.168.20.190" > leftsubnet="192.168.214.214/32" > right="192.168.20.110" > rightid="192.168.20.110" > rightsubnet="192.168.100.10/32" > ike="3des-md5-modp4096" > esp="aes128-sha1-modp1024" > keylife="3600" > ikelifetime="3600" > leftrsasigkey=/usr/local/etc/ipsec.d/private/local_pub_t-110.pem > > rightrsasigkey="0sAwEAAbMOsSgRv7ji2IsnVf8qFcwIbqkdNhk0ZCKXdg1U3ynaYCaQEaEh9vyRUvVijkDf/n8VMsg8BDov9YTgi1u4ArftSD9m91RUqrhgjVVBSrCAHUE8d9Q1NHjpJHX5Uf/9lqQSziPm4YhKzIOkwEmIl2iOJSrSPUCMW7qJ5sTEF+AQtf7KFQjgfty71XBm+kAe4OrnU62T0BQhGDMqfhelMkrM9RWOKCUdPH7ngtv0X33B0YnRfnrtnGORCNnuwrI+jgeAjg769pBu2CQWVmIxfcv1/gAV+NLUYnIKRh6+RdEO5iyvx8ByaXLvRKoN2Iu9WDDoFh2oKHy0OutXKpQ6MsM=" > > keyexchange="ikev1" > dpdaction = restart > dpddelay = 30s > dpdtimeout = 60s > ########################################################### > > ipsec.secrets: > ########################################################### > 192.168.20.218 : RSA test-218-190.pem > ########################################################### > 192.168.20.110 : RSA rsa-110.pem _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
