Hoping someone can help me out here. I’m trying to configure a site-to-site IKEv1 connection to a remote host managed by another firm. I need to be able to route traffic to two right-side subnets, 10.0.51.0/24 and 10.0.20.0/24. I’m unable to simply declare 10.0.0.0/16 as the right-side subnet as doing so would conflict with addresses that I need to resolve in our local network.
However, when activated with this configuration, only the last configured child connection enables (in this case subnet02). Commenting out the subnet02 block enables routing to subnet01. It seems this child connection approach is the proper one for ikev1, but I could be wrong.

https://lists.strongswan.org/pipermail/users/2012-March/002746.html

I suspect I’m missing something very simple, but any help would be appreciated.

Gist available here: https://gist.github.com/revprez/b6ae775b02cc2009721d2eadf950cd72

conn common
    authby=psk
    type=tunnel
    ike=...
    ikelifetime=28800s
    esp=...
    keylife=3600s
    keyingtries=%forever
    keyexchange=ikev1
    left=%defaultroute
    leftid=...
    leftsubnet=...
    right=...
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart
    installpolicy=yes
    auto=start

conn subnet01
    also=common
    rightsubnet=10.0.51.0/24
    auto=start

conn subnet02
    also=common
    rightsubnet=10.0.20.0/24
    auto=start

Prez Cannady
e: [email protected]
h: https://revprez.github.io
