[Swan] GCP - IKEv2 multiple subnets CIDRs on single Child SA
Paul Wouters
paul at nohats.ca
Thu Mar 16 15:23:45 EET 2023
It is supported in git main but not in a released version of libreswan yet
Sent using a virtual keyboard on a phone
> On Mar 16, 2023, at 04:23, Bán László <laca at andrews.hu> wrote:
>
> Hi Paul,
>
> https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#ts-ip-ranges
>
> The GCP link above says that:
>
> *Important:* When using IKEv2, your peer VPN gateway *must* accept all
> of the CIDRs in each traffic selector using a single Child SA. Not all
> VPN gateways support this. VPN gateways that create a unique Child SA
> per CIDR are *not* compatible with Cloud VPN.*
>
>
> Does Libreswan support this now? You wrote earlier, that version 4.1
> will already support it.
>
>
> Thank you for your help!
> laca
>
> --
> Bán László <laca at andrews.hu>
> Andrews IT Engineering Kft.
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list