Hello users,

I was not able to figure out how to configure this, nor did I receive any replies on this thread. Is there any way to set this up?

Thanks
Manu

From: Users [mailto:[email protected]] On Behalf Of Manu S. Keshava
Sent: Monday, November 7, 2016 5:52 PM
To: [email protected]
Subject: [strongSwan] Configure multiple transports between 2 machines

Hi Strongswan users,

[Machine_A] <------> [Machine_B]
10.1.1.151/24        10.1.1.203/24
10.4.4.151/24        10.4.4.203/24

I have two machines connected back-to-back using a single-port NIC as above. I have configured and installed strongswan on both machines. The machines also have an IP alias configured for the interface (10.4.4.x network). This is the ipsec.conf file on Machine_A and Machine_B.

CONF FILE from Machine_A
-------------------------
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

conn %default
        ikelifetime=60m
        keylife=20m
        esp=aes128ccm64
        aggressive=no
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn machA_machB
        left=10.1.1.151
        leftcert=host2Cert.der
        leftid="C=CH, O=Strongswan, CN=host1"
        leftfirewall=no
        right=10.1.1.203
        rightid="C=CH, O=Strongswan, CN=host2"
        type=transport
        auto=add

conn machA_machB_2
        left=10.4.4.151
        leftcert=host2Cert.der
        leftid="C=CH, O=Strongswan, CN=host1"
        leftfirewall=no
        right=10.4.4.203
        rightid="C=CH, O=Strongswan, CN=host2"
        type=transport
        auto=add

CONF FILE from Machine_B
-------------------------
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

conn %default
        ikelifetime=60m
        keylife=20m
        esp=aes128ccm64
        aggressive=no
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn machA_machB
        left=10.1.1.203
        leftcert=host2Cert.der
        leftid="C=CH, O=Strongswan, CN=host2"
        leftfirewall=no
        right=10.1.1.151
        rightid="C=CH, O=Strongswan, CN=host1"
        type=transport
        auto=add

conn machA_machB_2
        left=10.4.4.203
        leftcert=host2Cert.der
        leftid="C=CH, O=Strongswan, CN=host2"
        leftfirewall=no
        right=10.4.4.151
        rightid="C=CH, O=Strongswan, CN=host1"
        type=transport
        auto=add

When I bring up conn "machA_machB", it is successful and I verified the same from "ipsec status". Tried to ping over "10.1.1.X" and it was encapsulated. Now if I try to bring up conn "machA_machB_2", it will remove the first connection.

What changes are required to get both of them working at the same time?

Thanks
Manu
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
