[Swan] IKEv2 with multiple conn entries

Bobby Jones flemingaod at gmail.com
Tue May 15 13:55:38 UTC 2018


I have been beating my head against this for a while, and I'm hoping that
someone can point me in the right direction.

I have a number of IPSec tunnels established, mostly from libreswan to
Cisco ASAs. Most are IKE v1, and in that case if I want to reach multiple
hosts on the remote side I can have a formulation like this in my .conf
file:

conn test1
    rightsubnet=192.168.1.111/255.255.255.255
    rightsourceip=192.168.1.111
    also=test_common
    auto=start
conn test2
    rightsubnet=192.168.1.112/255.255.255.255
    rightsourceip=192.168.1.112
    also=test_common
    auto=start

However, if I use this syntax with IKEv2, I can start test1 and reach
192.168.1.111, but test2 will then not complete.

My question is, what syntax will allow me to establish an IKEv2 tunnel
which lets me reach both 192.168.1.111 & 192.168.1.112?

I have tried using:

conn test
    rightsubnet=192.168.1.1/27
    leftsubnet=192.168.2.2/32
    also=test_common
    auto=start

This formulation gets me up to the point where I see "STATE_PARENT_I2: sent
v2I2, expected v2R2" but then all I get is "STATE_PARENT_I2:
retransmission".

If anyone can point me in the right direction I'd be grateful.

Thanks,

Bobby
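As an added example, not part of the post above and not libreswan's own code: a small parser for the ipsec.conf subset used in the question (conn blocks with key=value lines and `also=` references). It resolves `also=` inheritance to show the effective settings of each conn, checks that `rightsourceip` actually falls inside `rightsubnet`, and groups conns by their (left, right) peer pair so it is easy to see which entries compete for the same IKE peer. The `test_common` block, the endpoint addresses and the `bad` conn are constructed for the example, since the post does not show them; the override order (a conn's own keys win over inherited ones) is an assumption about libreswan's `also=` semantics.

```python
"""Resolve `also=` inheritance in an ipsec.conf-style file and sanity-check conns.

Hypothetical helper, not part of libreswan. Handles only the subset used in
the mailing-list post: `conn <name>` headers followed by indented key=value lines.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: the two conns from the post plus an assumed test_common
# block and a deliberately inconsistent conn. Addresses are documentation ranges.
SAMPLE_CONF = """\
config setup
    logfile=/var/log/pluto.log

conn test_common
    left=203.0.113.10
    right=198.51.100.20
    ikev2=insist
    authby=secret

conn test1
    rightsubnet=192.168.1.111/255.255.255.255
    rightsourceip=192.168.1.111
    also=test_common
    auto=start

conn test2
    rightsubnet=192.168.1.112/255.255.255.255
    rightsourceip=192.168.1.112
    also=test_common
    auto=start

conn bad
    rightsubnet=192.168.1.0/24
    rightsourceip=10.0.0.5
    also=test_common
"""


def parse_conf(text):
    """Return {conn_name: {key: value}} for every `conn` block; `config` blocks are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # strip comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():               # unindented line = section header
            kind, _, name = line.strip().partition(" ")
            current = sections.setdefault(name.strip(), {}) if kind == "conn" else None
            continue
        if current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return sections


def resolve(sections, name, _seen=None):
    """Effective settings of `name` after following its also= chain.

    Assumption: a conn's own keys override the keys it inherits via also=.
    A cycle in also= references raises instead of recursing forever."""
    if _seen is None:
        _seen = set()
    if name in _seen:
        raise ValueError(f"also= cycle at conn {name}")
    _seen.add(name)
    own = dict(sections[name])
    parent = own.pop("also", None)
    merged = resolve(sections, parent, _seen) if parent else {}
    merged.update(own)
    return merged


def check_sourceip(conf):
    """True when rightsourceip lies inside rightsubnet (or either key is absent).

    ipaddress accepts both prefix-length and dotted-netmask forms, so the
    192.168.1.111/255.255.255.255 spelling from the post parses as a /32."""
    subnet, src = conf.get("rightsubnet"), conf.get("rightsourceip")
    if not subnet or not src:
        return True
    return ipaddress.ip_address(src) in ipaddress.ip_network(subnet, strict=False)


def conns_by_peer(sections):
    """Group conn names by their resolved (left, right) endpoint pair."""
    groups = defaultdict(list)
    for name in sections:
        conf = resolve(sections, name)
        if "right" in conf:
            groups[(conf.get("left"), conf["right"])].append(name)
    return dict(groups)


if __name__ == "__main__":
    sections = parse_conf(SAMPLE_CONF)
    for name in sections:
        conf = resolve(sections, name)
        ok = "ok" if check_sourceip(conf) else "rightsourceip OUTSIDE rightsubnet"
        print(f"{name}: right={conf.get('right')} subnet={conf.get('rightsubnet')} [{ok}]")
    for peer, names in conns_by_peer(sections).items():
        print(f"peer {peer}: {', '.join(names)}")
```

Running the script prints each conn's effective remote endpoint and subnet, flags `bad` because its source IP is not in its subnet, and shows that `test1` and `test2` resolve to the same peer pair through `test_common`, which is the situation the post describes.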