[Openswan Users] Multiple IKE destinations in config file
simon charles
charlessimon at hotmail.com
Wed Feb 25 11:08:01 EST 2009
Hi !
You can use the "include" parameter in ipsec.conf to add multliple configuration files and each configuration file can have a different remote peer ip address , authentication , encryption and subnets.
ex:
My /etc/ipsec.conf version 2.0 # conforms to second version of ipsec.conf specification# basic configurationconfig setup# Debug-logging controls: "none" for (almost) none, "all" for lots.# klipsdebug=none# plutodebug="control parsing"conn %default keyingtries=0 # disablearrivalcheck=no authby=rsasig # leftrsasigkey=%dns # rightrsasigkey=%dnsconn test auto=start left=172.30.0.3
leftsubnet=10.0.0.1/24 right=172.30.0.10
rightsubnet=172.30.1.0/24
keyexchange=ike esp=3des-sha1-96 keyingtries=0 rekeymargin=4m type=transport
disablearrivalcheck=no authby=secret pfs=yes
include=/etc/ipsec.d/*.conf
And under the folder /etc/ipsec.d/ - you can create multiple conf files with unique configuration.
ex:-
/etc/ipsec.d/aaa.conf
conn aaa
auto=start
left=172.30.0.3
leftsubnet=10.1.0.0/24
right=192.168.0.1
rightsubnet=172.31.0.0/24
keyexchange=ike
esp=aes256-sha1
keyingtries=0
rekeymargin=4m
type=transport
disablearrivalcheck=no
authby=secret
pfs=yes
- Simon Charles -
> Date: Mon, 23 Feb 2009 19:28:47 +0530
> To: users at openswan.org
> From: ssmurthy.nittala at freescale.com
> Subject: [Openswan Users] Multiple IKE destinations in config file
>
> Hi,
> In ipsec.conf configuration file we can specify the Gateway addresses
> using the keywords left and right.But how do we configure multiple
> gateway addresses ie..how can we configure multiple IKE records to
> connect simultaneously to different destination gateways?
> Thanks in advance
> -nsmurthy
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090225/fefd9002/attachment.html
More information about the Users
mailing list