Hi Ali, --On Monday, January 07, 2013 02:39:55 PM +0330 Ali Masoudi <masoudi1...@gmail.com> wrote:
> I have a simple question, and I would be grateful if anyone could > answer it. > > If we want to establish multiple tunnels between two endpoints, is it > recommended to use "reuse_ikesa = no" option in strongswan.conf. > > I figured it in my tests that it is better to use the default config. > Am I right? What is the application of reuse_ikesa option? Thanks a > lot. if you set reuse_ikesa = no there will be a new IKE_SA for every CHILD_SA. Normally it is ok to have one IKE_SA with more CHILD_SAs. Handling is a little bit easier if you want to stop/start single CHILD_SAs. Do the different tunnels run to the same net on one side? Then you could enable them in a single tunnel. Example: rightsubnet= 192.168.1.0/25 leftsubnet=10.0.0.0/8,172.16.1.0/24,172.16.2.0/24,172.31.0.0/16 Best Regards Dirk _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users