[Swan] Multiple Route-based VPNs between identical peers

Craig Marker cmarker at inspeednetworks.com
Tue Jan 31 19:33:49 UTC 2017


I’m trying to set up multiple IPsec VTIs between two peers, but I haven’t been able to have both connections up at the same time.

I have two Linux boxes on my local network that I’m trying to configure to connect to a single AWS instance. The route-based VPN
functionality works great when there is only one tunnel present, but fails when there are two. Of note, the negotiation succeeds;
however, I’m only able to ping across one of the tunnels.

A visualization of the scenario is such:

1.2.3.4
HOST 1 <---\
            \
             \---->
                    5.6.7.8
                    AWS Instance
             /---->
            /
HOST 2 <---/
1.2.3.4

where the public IP address of my network is 1.2.3.4 and the public IP address of the AWS instance is 5.6.7.8. The two hosts on my local network have
unique private IP addresses on the same subnet. The AWS instance has a single private IP address.

I’ve played around with a handful of configuration options to no avail. ‘vti-shared=yes’ doesn’t give me the functionality I need — I want unique tunnels
for each connection.

I know OpenVPN allows this, but I’m wondering if such a configuration is possible with Libreswan. Let me know if this is currently not supported, if
you think it might be and need more information, or if there is some configuration trick you’ve found successful in accomplishing something similar.

Thanks!
--
cm

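As an added example that is not part of the original post and not Libreswan's own documentation: one way to keep the two tunnels distinct is to give each host a unique IKE ID (@host1, @host2 below, assumed names), so that the AWS side can tell the two peers apart even though both arrive from 1.2.3.4, and to give each conn its own XFRM mark and VTI device rather than sharing one. The private addresses (10.0.0.5, 192.168.1.10/.11, 169.254.10.x), the conn names and the PSK strings are constructed placeholders; that per-conn marks are what prevents the two route-based policies from colliding when vti-shared=no is an assumption about Libreswan's VTI handling, not something the post confirms.

```conf
# --- HOST 1 (behind NAT 1.2.3.4): /etc/ipsec.conf --- constructed example
conn aws-vti
    left=%defaultroute
    leftid=@host1            # unique ID per host (assumed); lets the AWS side pick the right conn
    leftsubnet=0.0.0.0/0     # route-based: the policy matches everything, routing decides
    right=5.6.7.8
    rightid=@aws
    rightsubnet=0.0.0.0/0
    authby=secret
    ikev2=insist
    mark=5/0xffffffff        # assumed: each tunnel needs its own mark when vti-shared=no
    vti-interface=vti5
    vti-routing=no           # routes are added manually below
    vti-shared=no
    auto=start

# --- HOST 1: /etc/ipsec.secrets ---
@host1 @aws : PSK "host1-psk-placeholder"

# --- HOST 2 (same NAT 1.2.3.4): identical except for ID, mark and VTI name ---
conn aws-vti
    left=%defaultroute
    leftid=@host2
    leftsubnet=0.0.0.0/0
    right=5.6.7.8
    rightid=@aws
    rightsubnet=0.0.0.0/0
    authby=secret
    ikev2=insist
    mark=6/0xffffffff
    vti-interface=vti6
    vti-routing=no
    vti-shared=no
    auto=start

# --- HOST 2: /etc/ipsec.secrets ---
@host2 @aws : PSK "host2-psk-placeholder"

# --- AWS INSTANCE (5.6.7.8 public, private address constructed): /etc/ipsec.conf ---
conn common
    left=%defaultroute
    leftid=@aws
    leftsubnet=0.0.0.0/0
    right=%any               # both peers come from 1.2.3.4; rightid selects the conn
    rightsubnet=0.0.0.0/0
    authby=secret
    ikev2=insist
    vti-routing=no
    vti-shared=no
    auto=add                 # responder only, since right=%any

conn host1
    also=common
    rightid=@host1
    mark=5/0xffffffff
    vti-interface=vti5

conn host2
    also=common
    rightid=@host2
    mark=6/0xffffffff
    vti-interface=vti6

# --- AWS INSTANCE: /etc/ipsec.secrets ---
@aws @host1 : PSK "host1-psk-placeholder"
@aws @host2 : PSK "host2-psk-placeholder"

# --- Addressing and routes for the VTIs (vti-routing=no), constructed addresses ---
# host1: ip addr add 169.254.10.1/30 dev vti5; ip link set vti5 up; ip route add 10.0.0.0/16 dev vti5
# host2: ip addr add 169.254.10.5/30 dev vti6; ip link set vti6 up; ip route add 10.0.0.0/16 dev vti6
# aws:   ip addr add 169.254.10.2/30 dev vti5; ip link set vti5 up; ip route add 192.168.1.10/32 dev vti5
#        ip addr add 169.254.10.6/30 dev vti6; ip link set vti6 up; ip route add 192.168.1.11/32 dev vti6
```

Two things to check if only one tunnel passes traffic with a layout like this: `ip xfrm policy` on the AWS instance should show two sets of 0.0.0.0/0 policies carrying different marks (5 and 6 here); if both sets carry the same mark, or one set is missing, the second conn has overwritten the first rather than sitting beside it. And `ip -s link show vti5`/`vti6` on the AWS side should show both receive counters moving when each host pings, since with 0.0.0.0/0 selectors the VTI device, not the policy, is what separates the two hosts' traffic.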
