0.0.0.0/0 cannot work; it is a limitation.

Sent from my iPhone

> On September 6, 2015, at 1:39, Matthieu <[email protected]> wrote:
>
> Hi All,
>
> I'm trying to establish tunnels between a strongswan linux server and cisco
> routers with VTI interfaces, using IKEv2.
> Strongswan is running in an openvz environment, so using kernel-libipsec.
>
> The only way to make it stable using VTI on cisco is apparently to negotiate
> a 0.0.0.0==0.0.0.0 SA. All my attempts to restrict the subnets in ipsec.conf
> made the cisco router try to spawn new SAs every few seconds...
>
> So I'm stuck with left and right subnets = 0.0.0.0.
> The problem is that I need to connect to multiple routers, leading to
> overlapping 0.0.0.0==0.0.0.0 SAs.
>
> How can I install routes on the server so that for a specific destination
> subnet I can select the correct tunnel?
> I first thought about some kind of marking and iptables but my feeling
> reading the code is that libipsec is not using marks to match packets.
>
> Any idea/advice?
>
> Thanks!
>
> Matthieu
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
