[Swan] IKEv2 multiple subnets CIDRs on single Child SA

Paul Wouters paul at nohats.ca
Tue Sep 15 21:39:44 UTC 2020

On Tue, 15 Sep 2020, Frank Liu wrote:

> https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#ts-ip-ranges
> says:
> Important: When using IKEv2, your peer VPN gateway must accept all of the CIDRs in each traffic
> selector using a single Child SA. Not all VPN gateways support this. VPN gateways that create a
> unique Child SA per CIDR are not compatible with Cloud VPN.
> Does Libreswan support this? I tried Strongswan and that worked, but couldn't get it to work with
> Libreswan.

It does not currently support this. It won't be in the upcoming 4.0
release either, but it is being planned for libreswan 4.1.

