[Swan] Host-To-Host VPN with multiple interfaces
paul at nohats.ca
Tue May 17 16:23:39 UTC 2016
On Tue, 17 May 2016, Michael Furman wrote:
> I was able to configure Host-To-Host for the interface eth0 without any prob
> Also, I was able to create a new pair of certificates for the interface eth1 and configure it using the following commands:
The keys you generated are only used for authentication, not encryption.
Usually, multiple tunnels between two gateways all share the same
authentication. If you have a host-to-host tunnel and you want to add
a net-to-net tunnel using the same gateways, just add a conn and
re-use the same auth information, and libreswan will re-use it for both.
> I can add channel, but when I try to "up" it I see the following errors: "multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used".
Secret entries can have an identifier to lock them to a certain IP or
ID. You have two entries that are "default" entries, so it will have
to pick one. The choice is arbitrary, so it warns you.
> The configuration:
> conn ha_eth1
> # rsakey AQPe4BcQY
> # rsakey AQPRLsAVt
> # load and initiate automatically
> 003 "ha_eth1" #11: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12
It looks like the other end also got two entries and picked one you
did not expect on this end?
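An added illustration of the selector point above, not part of the thread and not the poster's configuration: every ipsec.secrets line can start with the endpoints (IP addresses or @IDs) it is bound to, so pluto matches the secret to the connection's endpoints instead of falling back to an arbitrary "default" entry. The addresses, IDs and secrets are constructed placeholders, and PSK is used here because its line format is unambiguous; the selector prefix before the colon works the same way regardless of the secret type that follows it.

```ini
# --- /etc/ipsec.secrets (constructed example, placeholder values) ---
#
# Lines WITHOUT a selector prefix are "default" entries. Two default
# entries holding different secrets are the situation that produces
#   multiple ipsec.secrets entries with distinct secrets match endpoints
# because pluto has no way to decide which one belongs to which tunnel.
#
# Locking each secret to its endpoint pair removes the ambiguity.

# eth0 pair: bound to the two eth0 addresses
192.0.2.1 198.51.100.1 : PSK "PLACEHOLDER-eth0-secret"

# eth1 pair: bound to the two eth1 addresses
192.0.2.2 198.51.100.2 : PSK "PLACEHOLDER-eth1-secret"

# Selectors may also be IDs instead of addresses, which keeps the entry
# valid if the interface address changes:
# @gw-a.example.test @gw-b.example.test : PSK "PLACEHOLDER-id-bound-secret"


# --- /etc/ipsec.conf (constructed example, placeholder values) ---
#
# Each conn's left/right must match the selectors of the secret that is
# meant for it; authby=secret tells pluto to look the PSK up by endpoints.

conn ha_eth0
    left=192.0.2.1
    right=198.51.100.1
    authby=secret
    auto=start

conn ha_eth1
    left=192.0.2.2
    right=198.51.100.2
    authby=secret
    auto=start
```

Both gateways need the mirrored entries (the same selectors, the same secret), otherwise one side picks a different default than the other and the negotiation fails the way the INVALID_KEY_INFORMATION line above suggests. After editing the file, `ipsec auto --rereadsecrets` makes pluto reload it without a restart.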