[Swan] multiple child SA

Paul Wouters paul at nohats.ca
Wed Aug 12 01:29:50 UTC 2020


On Mon, 10 Aug 2020, Mehboob Ansari wrote:

> I am doing some ipsec related configuration via libreswan and got stuck on one scenario.
> 
> Can you please guide me on how I can make 2 or more IPSEC CHILD SAs which share one IKE SA.
> 
> Meaning: I need IKE SA: total (1)
> 
> and IPSEC SA: total (2)

You can either just add multiple connections and libreswan will
automatically figure out when it can share the IKE SA, or you
can use subnets (plural) instead of subnet (singular) to cover
combinations, e.g.:

 	leftsubnets={10.0.1.0/24,192.168.1.0/24}
 	rightsubnets={172.16.2.0/24,10.13.14.0/24}

Note that this will set up all combinations, so 4 tunnels.

Paul
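
The first option from the reply above, written out as an added example (not part of the original message, and not configuration from the libreswan project). It defines two connections between the same pair of peers, each with one subnet pair, giving two IPsec SAs instead of the four produced by the `leftsubnets=`/`rightsubnets=` form. The peer addresses, conn names and the use of `authby=secret` are assumptions.

```conf
# /etc/ipsec.conf fragment (constructed example)
# Peer addresses are documentation-range placeholders; conn names are hypothetical.

# Shared IKE parameters. Never loaded on its own (auto= defaults to ignore);
# it is only pulled in through also= below.
conn site-base
    left=192.0.2.1
    right=198.51.100.1
    # Assumption: PSK authentication, with a matching entry in ipsec.secrets.
    authby=secret

# First IPsec (child) SA: exactly one subnet pair.
conn net1
    also=site-base
    leftsubnet=10.0.1.0/24
    rightsubnet=172.16.2.0/24
    auto=start

# Second IPsec (child) SA. Same peers and same IKE parameters as net1,
# so, per the reply above, libreswan can share the IKE SA.
conn net2
    also=site-base
    leftsubnet=192.168.1.0/24
    rightsubnet=10.13.14.0/24
    auto=start
```

Only the two listed subnet pairs get a tunnel here, whereas the plural form also covers 10.0.1.0/24 to 10.13.14.0/24 and 192.168.1.0/24 to 172.16.2.0/24. After bringing the connections up, `ipsec trafficstatus` lists the established IPsec SAs.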

