On Fri, Nov 21, 2008 at 02:52:53PM +0000, Mikolaj Kucharski wrote:
> Hi,
>
> Is it possible to have two or more subnets, each configured with the
> same srcid, dstid and peer? Currently I cannot make it work. It works
> only for the first subnet in the roadwarrior config file. Is it possible
> at all, no matter what IPsec implementation I would like to use?

Thanks Mitja. To resolve my problem, the config on the router should look like:

# router: /etc/ipsec.conf(5)
ike passive esp tunnel \
    from { \
        172.16.0.0/16 \
        192.168.1.0/24 \
        192.168.2.0/24 \
        192.168.3.0/24 \
    } to any \
    srcid net4511.example.com

Roadwarriors don't need to change anything. They can have multiple tunnels
defined separately.

> # roadwarrior: /etc/ipsec.conf(5)
> ike dynamic esp tunnel \
>     from egress to 172.16.0.0/16 \
>     peer net4511.example.com \
>     srcid x40.openbsd.home.lan dstid net4511.example.com
> ike dynamic esp tunnel \
>     from egress to 192.168.3.0/24 \
>     peer net4511.example.com \
>     srcid x40.openbsd.home.lan dstid net4511.example.com

--
best regards
q#