-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Pawel,
You can indeed use different rightid or leftid pairs to match the different tunnels. example: use leftid=tunnel1 for tunnel1 and leftid=tunnel2 for tunnel2. This works. Regards Noel Kuntze Am 09.11.2013 08:53, schrieb Pawel Grzesik: > Hi > > leftid and righted is something else. > What I'm trying to say is to have 2 different password for two different > tunnels but with the same peers. > > Lets say I have two tunnels. > > conn net1 > ike=aes256-md5-modp1024! > esp=aes256-md5! > left=192.168.1.1 > right=192.168.9.1 > leftsubnet=123.123.123.0/27 > rightsubnet=111.111.111.0/32 > auto=route > > conn net2 > ike=aes256-sha1-modp1024! > esp=aes256-sha1! > left=192.168.1.1 > right=192.168.9.1 > leftsubnet=124.124.124.0/32 > rightsubnet=2.2.2.2/32 > auto=route > > So I have the same peers but different tunnels. How I can setup my > ipsec.secret for them if I need to put there peers and PSK ? > > I should be something like: > 192.168.1.1 192.168.9.1 : PSK "password1" # this should be with leftsubnets > 123.123.123.0/27 > 192.168.1.1 192.168.9.1 : PSK "password2" # this should be with leftsubnets > 124.124.124.0/32 > > > Thanks, > Pawel > > On 9 Nov 2013, at 06:09, Ali Masoudi <[email protected] > <mailto:[email protected]>> wrote: > >> Hi >> >> I think it is possible. you can use different pairs of leftid/rightid. >> >> Best wishes >> >> >> On Fri, Nov 8, 2013 at 5:00 PM, Pawel Grzesik >> <[email protected] <mailto:[email protected]>> >> wrote: >> >> Hi All, >> >> Just a quick question. Is it possible to have at the ipsec.secret two >> difference PSK for the same peers but difference tunnels ? >> >> For example >> PEER_ME PEER_EXTERNAL : PSK "test1" >> PEER_ME PEER_EXTERNAL : PSK "test2" >> >> I have the same PEER_ME and also PEER_EXTERNAL are also the same IP. The >> difference is just a PSK and the tunnels. I'm sure it's possible at the >> cisco, but what about my site witch is on StrongSwan? Anyone? >> >> Thanks, >> Pawel >> _______________________________________________ >> Users mailing list >> [email protected] <mailto:[email protected]> >> https://lists.strongswan.org/mailman/listinfo/users >> >> >> _______________________________________________ >> Users mailing list >> [email protected] <mailto:[email protected]> >> https://lists.strongswan.org/mailman/listinfo/users > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSffplAAoJEDg5KY9j7GZYDtIP/1yreR4bnXK7VcHdOZDyotMZ lSRYicmjs4v3tssYXJ6KfGBynvg57kEmhgWuG8Vk3o179Qmc+nUGZjn4qIXJ7hK3 UVqg6gZU6QuhDF0YF9p7jk+oOKzP76KK8rcBv+sMliEDRj93V9pW+JGwg+b8qapf +RE7er3TUtIhF/1bkTRxrc8Laj632mjDHfFR6/bCZX+xTSgIuoHiaj21Eb1wakHI XsnDADEBB8XjZ3MHt90dOi1CQn6ChHmR76HHdta0RlpmE/P9HmxWjELT74aBBzRi QYQxLXrkT53hpWaEfAJD1DFlZHN5J7As0mrYoZR9MhvRnwoKGurnxdNS2Pd6XFl6 PSGOtQVXMoEf/wbtPLM94+Cx0Jm/4ftnCmJVopuBui+bpEHiSHf7e30FmNgC8yvi 6dzbko+wNf1RmBJkYIyhpxmlXnJKHp0+GR+uVS1oT2a1LxfJStfeC8QqH8Y0J1XL uNFS5YZM1eZJPho7D+zM9pbIlda90IoWXdi7KA+pEBFWXXlZ2qSZ+abdyI/+86Y5 tPlIkOccggGBU7I9p8tGh0Nnq0CHfa+kI992c+u+KlMygNSFFUtxFAR65MY7Ktqj SIPtNrfp8TYPTGho696m1Kg8f7tj9/O1ljfUgCnMbyxTmf9Ki9/LU7mf9UScmB9N YYTqLnuHVDXdw/0psdZ+ =7uUw -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
