Hello Noel

We are using two interfaces at once from the same host to the same secure gateway.

root@wglng-6:~# ip route show
10.64.64.64 dev ppp0  proto kernel  scope link  src 166.204.4.61
192.168.1.0/24 dev eth1.13  proto kernel  scope link  src 192.168.1.134

Note: I did not show interfaces that are not applicable.

Both tunnels are up and we were able to ping and send data through the tunnels.

root@wglng-6:~# swanctl --list-sas
sgateway1-radio0: #2, ESTABLISHED, IKEv2, 08173d8797a410eb_i* 5fa1f29dce075fd4_r
  local  '[email protected]' @ 166.204.4.61[4500] [20.20.20.9]
  remote 'C=CA, O=Carillon Information Security Inc., OU=TEST, OU=Devices, OU=Aircraft Operator Ground Stations, OU=Teledyne Controls, CN=ELS-VPAPP-WGL08 - ID' @ 76.232.248.210[4500]
  AES_CBC-256/HMAC_SHA2_512_256/PRF_HMAC_SHA1/ECP_256
  established 922s ago, rekeying in 43s, reauth in 2455s
  sgateway1-radio0: #4, reqid 2, INSTALLED, TUNNEL-in-UDP, ESP:AES_CBC-256/HMAC_SHA1_96
    installed 336s ago, rekeying in 211s, expires in 325s
    in  c2e01069, 1320 bytes, 33 packets, 6s ago
    out e1c27d5f, 1452 bytes, 33 packets, 6s ago
    local  20.20.20.9/32
    remote 10.100.20.15/32
sgateway1-gldl: #1, ESTABLISHED, IKEv2, 00989cc440834937_i* 5e3c5e4b5c1ec4cf_r
  local  '[email protected]' @ 192.168.1.134[4500] [20.20.20.8]
  remote 'C=CA, O=Carillon Information Security Inc., OU=TEST, OU=Devices, OU=Aircraft Operator Ground Stations, OU=Teledyne Controls, CN=ELS-VPAPP-WGL08 - ID' @ 76.232.248.210[4500]
  AES_CBC-256/HMAC_SHA2_512_256/PRF_HMAC_SHA1/ECP_256
  established 1049s ago, rekeying in 150s, reauth in 2257s
  sgateway1-gldl: #3, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_CBC-256/HMAC_SHA1_96
    installed 469s ago, rekeying in 104s, expires in 191s
    in  c45db512, 1880 bytes, 47 packets, 6s ago
    out 77309eef, 2068 bytes, 47 packets, 6s ago
    local  20.20.20.8/32
    remote 10.100.20.15/32

strongSwan creates the following in table 220:

root@wglng-6:~# ip route show table 220
10.100.20.15 via 192.168.1.1 dev eth1.13  proto static  src 20.20.20.8

When we bring down eth1.13, the tunnel for ppp0 becomes unusable.

We think the problem is that ppp0 does not have a via in table 220.

Also, we currently are not using a custom updown script.

If you need more information, let me know.

Thanks

-----Original Message-----
From: Noel Kuntze [mailto:[email protected]]
Sent: Wednesday, May 03, 2017 7:33 AM
To: Modster, Anthony <[email protected]>; [email protected]
Subject: [SUSPECT EMAIL: No Reputation] Re: [strongSwan] multiple tunnels

Hello Anthony,

On 03.05.2017 06:57, Modster, Anthony wrote:
>
> ? how to setup ipsec policy
>
> We want to use multiple tunnels on separate interfaces on the same host to
> one secure gateway.
>
> The secure gateway only has one external IP address.
>

Depends on your exact requirements. You need to elaborate on this.

Kind regards,
Noel

--
Noel Kuntze
IT security consultant
GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
