[Swan] setting up additional tunnels

Paul Wouters paul at nohats.ca
Mon Oct 4 02:52:37 UTC 2021

On Fri, 1 Oct 2021, owen s wrote:

> conn mainconnection    
>         auto=start    
>         authby=secret    
>         ike=aes256-sha256;dh14    
>         esp=aes256-sha256                    
>         ikelifetime=86400s                            
>         salifetime=3600s                                  
>         pfs=no                             
>         compress=no                               
>         ikev2=no                            
>         aggressive=no                                                                                                                     
>         left=[my nat ip address]                                                                                                         
>               leftsubnet=                   
>         leftid=[my local machine's public ip address[                 
>         right=[remote ip address]                  
>         rightsubnet=                                                                                                        
> The above connection works and I can connect to the remote subnet.I need to create a few more routes for a loopback and two interfaces.
> I have a tunnel source which are all a part of the right subnet [] ip address range.

The question here is not clear, so it is not possible to give you much
advise. To add subnets, you can use leftsubnets="a.b.c.0/24,d.e.f.g.0/24"  (note the plural subnetS)
You cannot just "route" whatever into and interface and hope IPsec
works. IPsec needs proper policies installed before you can do things
like routing into an ipsecX or vtiX device.


More information about the Swan mailing list