Hi Andreas,

The option which you have given works fine.
I am able to create 200 LAN-to-LAN tunnels.

But when I tried 300 LAN-to-LAN, it is failing in phase 2.
It keeps on resending phase 2.

Is there any limitation on the max number of L2L possible in strongSwan?

Thanks
Arun

-----Original Message-----
From: Arun Raj 
Sent: Tuesday, May 05, 2009 8:30 PM
To: 'Andreas Steffen'
Cc: users@lists.strongswan.org
Subject: RE: [strongSwan] Multiple tunnels between same peer

Thanks a Lot Andreas,

Let me try this in my setup

esp=3des-md5-9 is not a syntax error.
Here, 9 represents the DH as you mentioned.

Regards
Arun 

-----Original Message-----
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent: Monday, May 04, 2009 8:44 PM
To: Arun Raj
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] Multiple tunnels between same peer

Hi Arun,

either define multiple connections:

conn %default
        type=tunnel
        authby=secret
        left=10.1.1.2
        leftid=sswan
        rightid=chamundi
        right=10.1.1.5
        esp=3des-md5-9
        keyexchange=ikev2
        ike=aes128-sha1-modp1024,3des-sha1-md5-modp1024
        auto=add

conn tunnel1
        leftsubnet=192.168.10.0/24
        rightsubnet=172.16.10.0/24

conn tunnel2
        leftsubnet=192.168.14.0/24
        rightsubnet=172.16.12.0/24

or define multiple traffic selectors:

conn tunnel
        type=tunnel
        authby=secret
        left=10.1.1.2
        leftid=sswan
        rightid=chamundi
        right=10.1.1.5
        leftsubnet=192.168.10.0/24,192.168.14.0/24
        rightsubnet=172.16.10.0/24,172.16.12.0/24
        esp=3des-md5-9
        keyexchange=ikev2
        ike=aes128-sha1-modp1024,3des-sha1-md5-modp1024
        auto=add

In the first example 192.168.10/24 is connected to 172.16.10.0/24 as
part of the IKE_AUTH exchange and 192.168.14.0/24 to 172.16.12.0/24 with
an additional CREATE_CHILD_SA exchange whereas in the second example the
multiple traffic selectors are set up by the IKE_AUTH exchange but with
the additional side effect that 192.168.10.0/24 will be coupled with
172.16.12.0/24 and 192.168.14.0/24 with 172.16.10.0/24.

BTW - esp=3des-md5-9 has an invalid syntax. What does -9 mean? A
      Diffie-Hellman group???

Best regards

Andreas

Arun Raj wrote:
> Hi Andraw,
>  
> I am trying to bring up multiple tunnels using PSK between the same peers. Is
> this option available in strongSwan?
>  
> The config file I used was as below.
> Could you please let me know how we can modify the below file to set up
> multiple tunnels between the same peers?
>  
> I searched the net and I am unable to find this option.
>  
> # basic configuration
>  
> config setup
>         strictcrlpolicy=no
>         plutostart=no
>         charonstart=yes
>         charondebug=all
>         klipsdebug=all
>  
> 
> conn tunnel
>         type=tunnel
>         authby=secret
>         left=10.1.1.2
>         leftid=sswan
>         rightid=chamundi
>         right=10.1.1.5
>         leftsubnet=192.168.10.0/24
>         rightsubnet=172.16.10.0/24
>         esp=3des-md5-9
>         keyexchange=ikev2
>         pfs=no
>         ike=aes128-sha1-modp1024,3des-sha1-md5-modp1024
>         auto=add
> 
>  
> Thanks
> Arun
> _______________________________________________
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users


--
======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications University of
Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
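
Added example (not part of the original thread and not strongSwan code): the side effect Andreas describes for the second variant, worked through in Python. It parses the subnet lines of both configs from the thread, reduced to the relevant options and embedded as constructed input, and lists the subnet pairs that the comma-separated form couples beyond the per-connection form. The function names are hypothetical, and it assumes every conn sets leftsubnet and rightsubnet explicitly.

```python
import ipaddress
from itertools import product

# Constructed from the two ipsec.conf variants in the thread (relevant lines only).
MULTI_CONN = """
conn %default
        left=10.1.1.2
        right=10.1.1.5

conn tunnel1
        leftsubnet=192.168.10.0/24
        rightsubnet=172.16.10.0/24

conn tunnel2
        leftsubnet=192.168.14.0/24
        rightsubnet=172.16.12.0/24
"""
MULTI_TS = """
conn tunnel
        leftsubnet=192.168.10.0/24,192.168.14.0/24
        rightsubnet=172.16.10.0/24,172.16.12.0/24
"""

def parse_conns(text):
    """Parse 'conn NAME' sections; %default values are inherited by each conn."""
    conns, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def selector_pairs(text):
    """Return the set of (local, remote) subnet pairs the config couples."""
    pairs = set()
    for opts in parse_conns(text).values():
        lefts = [ipaddress.ip_network(s.strip()) for s in opts["leftsubnet"].split(",")]
        rights = [ipaddress.ip_network(s.strip()) for s in opts["rightsubnet"].split(",")]
        pairs |= set(product(lefts, rights))  # each local selector pairs with each remote one
    return pairs

def extra_pairs(intended_text, actual_text):
    """Pairs coupled under actual_text that intended_text does not couple."""
    return sorted(selector_pairs(actual_text) - selector_pairs(intended_text))
```

Calling extra_pairs(MULTI_CONN, MULTI_TS) returns the two cross-coupled pairs named in the reply above, which is the check to run before collapsing per-tunnel conns into one conn with subnet lists.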