[Swan] GCP - IKEv2 multiple subnets CIDRs on single Child SA
Bán László
laca at andrews.hu
Thu Mar 16 20:34:51 EET 2023
Hi Paul,
thank you very much for the quick reply! May I know when it is expected
and in which version?
Thanks,
laca
2023-03-16 14:23 keltezéssel, Paul Wouters írta:
> It is supported in git main but not in a released version of libreswan yet
>
> Sent using a virtual keyboard on a phone
>
>> On Mar 16, 2023, at 04:23, Bán László <laca at andrews.hu> wrote:
>>
>> Hi Paul,
>>
>> https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#ts-ip-ranges
>>
>> The GCP link above says that:
>>
>> *Important:* When using IKEv2, your peer VPN gateway *must* accept all
>> of the CIDRs in each traffic selector using a single Child SA. Not all
>> VPN gateways support this. VPN gateways that create a unique Child SAi
>> per CIDR are *not* compatible with Cloud VPN.*
>>
>>
>> Does Libreswan support this now? You wrote earlier, that version 4.1
>> will already support it.
>>
>>
>> Thank you for your help!
>> laca
>>
>> --
>> Bán László <laca at andrews.hu>
>> Andrews IT Engineering Kft.
>> _______________________________________________
>> Swan mailing list
>> Swan at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan
--
Bán László <laca at andrews.hu>
Andrews IT Engineering Kft.
More information about the Swan
mailing list