[Swan] GCP - IKEv2 multiple subnets CIDRs on single Child SA

Bán László laca at andrews.hu
Thu Mar 16 09:15:57 EET 2023


Hi Paul,

https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#ts-ip-ranges

The GCP link above says that:

*Important:* When using IKEv2, your peer VPN gateway *must* accept all
of the CIDRs in each traffic selector using a single Child SA. Not all
VPN gateways support this. VPN gateways that create a unique Child SA
per CIDR are *not* compatible with Cloud VPN.*


Does Libreswan support this now? You wrote earlier, that version 4.1
will already support it.


Thank you for your help!
laca

-- 
Bán László <laca at andrews.hu>
Andrews IT Engineering Kft.


More information about the Swan mailing list