On Mon, 10 Aug 2020, Mehboob Ansari wrote:

I am doing some ipsec related configuration via libreswan and got stuck on one 
scenario.

Can you please guide me how i can make 2 or more IPSEC CHILD SA which sharing 
one IKE SA.

means :  I need IKE SA: total 1)

and IPSEC SA : total(2)

You can either just add multiple connections and libreswan will
automatically figure out when it can share the IKE SA, or you
can use subnets (plural) instead of subnet (singular) to cover
combinations, eg:

        leftsubnets={10.0.1.0/24,192.168.1.0/24}
        rightsubnets={172.16.2.0/24,10.13.14.0/24}

Note that this will setup all combinations, so 4 tunnels.

Paul
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to