Ahh right, so then I think I can use leftid and rightid in my ipsec.secret. It make sense. I will try that :-)
Thanks, Pawel On 9 Nov 2013, at 09:03, Noel Kuntze <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello Pawel, > > You can indeed use different rightid or leftid pairs to match the different > tunnels. > > example: use leftid=tunnel1 for tunnel1 and leftid=tunnel2 for tunnel2. > This works. > > Regards > Noel Kuntze > > Am 09.11.2013 08:53, schrieb Pawel Grzesik: >> Hi >> >> leftid and righted is something else. >> What I'm trying to say is to have 2 different password for two different >> tunnels but with the same peers. >> >> Lets say I have two tunnels. >> >> conn net1 >> ike=aes256-md5-modp1024! >> esp=aes256-md5! >> left=192.168.1.1 >> right=192.168.9.1 >> leftsubnet=123.123.123.0/27 >> rightsubnet=111.111.111.0/32 >> auto=route >> >> conn net2 >> ike=aes256-sha1-modp1024! >> esp=aes256-sha1! >> left=192.168.1.1 >> right=192.168.9.1 >> leftsubnet=124.124.124.0/32 >> rightsubnet=2.2.2.2/32 >> auto=route >> >> So I have the same peers but different tunnels. How I can setup my >> ipsec.secret for them if I need to put there peers and PSK ? >> >> I should be something like: >> 192.168.1.1 192.168.9.1 : PSK "password1" # this should be with leftsubnets >> 123.123.123.0/27 >> 192.168.1.1 192.168.9.1 : PSK "password2" # this should be with leftsubnets >> 124.124.124.0/32 >> >> >> Thanks, >> Pawel >> >> On 9 Nov 2013, at 06:09, Ali Masoudi <[email protected] >> <mailto:[email protected]>> wrote: >> >>> Hi >>> >>> I think it is possible. you can use different pairs of leftid/rightid. >>> >>> Best wishes >>> >>> >>> On Fri, Nov 8, 2013 at 5:00 PM, Pawel Grzesik >>> <[email protected] <mailto:[email protected]>> >>> wrote: >>> >>> Hi All, >>> >>> Just a quick question. Is it possible to have at the ipsec.secret two >>> difference PSK for the same peers but difference tunnels ? >>> >>> For example >>> PEER_ME PEER_EXTERNAL : PSK "test1" >>> PEER_ME PEER_EXTERNAL : PSK "test2" >>> >>> I have the same PEER_ME and also PEER_EXTERNAL are also the same IP. The >>> difference is just a PSK and the tunnels. I'm sure it's possible at the >>> cisco, but what about my site witch is on StrongSwan? Anyone? >>> >>> Thanks, >>> Pawel >>> _______________________________________________ >>> Users mailing list >>> [email protected] <mailto:[email protected]> >>> https://lists.strongswan.org/mailman/listinfo/users >>> >>> >>> _______________________________________________ >>> Users mailing list >>> [email protected] <mailto:[email protected]> >>> https://lists.strongswan.org/mailman/listinfo/users >> >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users >> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJSffplAAoJEDg5KY9j7GZYDtIP/1yreR4bnXK7VcHdOZDyotMZ > lSRYicmjs4v3tssYXJ6KfGBynvg57kEmhgWuG8Vk3o179Qmc+nUGZjn4qIXJ7hK3 > UVqg6gZU6QuhDF0YF9p7jk+oOKzP76KK8rcBv+sMliEDRj93V9pW+JGwg+b8qapf > +RE7er3TUtIhF/1bkTRxrc8Laj632mjDHfFR6/bCZX+xTSgIuoHiaj21Eb1wakHI > XsnDADEBB8XjZ3MHt90dOi1CQn6ChHmR76HHdta0RlpmE/P9HmxWjELT74aBBzRi > QYQxLXrkT53hpWaEfAJD1DFlZHN5J7As0mrYoZR9MhvRnwoKGurnxdNS2Pd6XFl6 > PSGOtQVXMoEf/wbtPLM94+Cx0Jm/4ftnCmJVopuBui+bpEHiSHf7e30FmNgC8yvi > 6dzbko+wNf1RmBJkYIyhpxmlXnJKHp0+GR+uVS1oT2a1LxfJStfeC8QqH8Y0J1XL > uNFS5YZM1eZJPho7D+zM9pbIlda90IoWXdi7KA+pEBFWXXlZ2qSZ+abdyI/+86Y5 > tPlIkOccggGBU7I9p8tGh0Nnq0CHfa+kI992c+u+KlMygNSFFUtxFAR65MY7Ktqj > SIPtNrfp8TYPTGho696m1Kg8f7tj9/O1ljfUgCnMbyxTmf9Ki9/LU7mf9UScmB9N > YYTqLnuHVDXdw/0psdZ+ > =7uUw > -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
