[Swan] How to handle multiple networks on both ends?

Paul Wouters paul at nohats.ca
Mon Jan 30 02:30:07 UTC 2017


On Sun, 22 Jan 2017, Xinwei Hong wrote:

> One follow-up question. Assume we have conn1 and conn2 (or probably more conns); they are both using
> the same endpoints for the tunnel, but will support different subnet pairs. We want to bring up/down
> individual conns freely. All conns should share the same phase 1 IKE tunnel. How do we guarantee
> that?

Just writing the conns out works and you can individually bring these up
and down and libreswan will know when it can re-use the same IKE SA. If
you are using the plural forms of left/rightsubnets= then the connection
is instantiated, for example:

conn example
    left=a.b.c.d
    right=e.f.g.h
    leftsubnets=10.0.1.0/24,10.0.2.0/24
    rightsubnets=192.168.1.0/24,192.168.2.0/24

Then you will get conns with the names "example0x0", "example1x0",
"example1x1" and "example0x1"

You can control those 4 conns just as if you had written those names in
a config file.

Paul
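As an added example (not part of Paul's post or of the libreswan project), the following shell script expands a conn that uses the plural leftsubnets=/rightsubnets= form into the per-subnet-pair instance names described above, so you can see which name covers which pair before running `ipsec auto --up <name>` or `ipsec auto --down <name>`. The naming scheme it assumes is taken from the post (conn name followed by a 0-based left index, "x", and a 0-based right index, in list order); it is an assumption here, and the exact form used by your libreswan version should be checked against `ipsec status` output. The subnets are the ones from the post and nothing is sent to the IKE daemon.

```shell
#!/bin/sh
# Added example, not from the original post or the libreswan project.
# Assumption (from the post's example0x0 ... example1x1): an instantiated
# conn is named <conn><left index>x<right index>, indices 0-based in the
# order the subnets appear in leftsubnets= and rightsubnets=.
# Confirm the real names with "ipsec status" on your libreswan version.

# expand_conn NAME LEFTSUBNETS RIGHTSUBNETS
# Prints one line per instance: "<instance> <leftsubnet> <rightsubnet>",
# one instance for every left/right subnet pair (the cartesian product).
expand_conn() {
    name=$1
    lefts=$(printf '%s' "$2" | tr ',' ' ')
    rights=$(printf '%s' "$3" | tr ',' ' ')
    li=0
    for l in $lefts; do
        ri=0
        for r in $rights; do
            printf '%s%dx%d %s %s\n' "$name" "$li" "$ri" "$l" "$r"
            ri=$((ri + 1))
        done
        li=$((li + 1))
    done
}

# instance_for NAME LEFTSUBNETS RIGHTSUBNETS LEFTSUBNET RIGHTSUBNET
# Prints the instance name that carries the given subnet pair, or nothing
# if that pair is not part of the conn.
instance_for() {
    expand_conn "$1" "$2" "$3" |
        awk -v l="$4" -v r="$5" '$2 == l && $3 == r { print $1 }'
}

# Demo with the subnets from the post (constructed input, no IKE daemon needed).
if [ "${1:-}" = "demo" ]; then
    expand_conn example 10.0.1.0/24,10.0.2.0/24 192.168.1.0/24,192.168.2.0/24
    inst=$(instance_for example 10.0.1.0/24,10.0.2.0/24 \
                        192.168.1.0/24,192.168.2.0/24 10.0.2.0/24 192.168.1.0/24)
    echo "to bring only that pair up:   ipsec auto --up $inst"
    echo "to take only that pair down:  ipsec auto --down $inst"
fi
```

Run it with `sh expand.sh demo` to list the four instances; each printed name is what you would pass to `ipsec auto --up` or `--down` to control that single subnet pair while the others, and the shared IKE SA, stay as they are.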

