[Openswan Users] Multiple IKE destinations in config file

ss murthy nittala ssmurthy.nittala at freescale.com
Thu Feb 26 01:30:45 EST 2009 

Thanks for replies.

How do we specify multiple disjoint leftsubnets (and right subnets) 
associated with one IKE connection.

Is it always required to place the commands leftsbnets,rightsubnets 
along with the commands left,right? or is there a way to declare them 
separately and then bind with the IKE connection (left,right declaration).

similarly how do we specify protocol and ports and then multiple of them?

Does the configuration take advantage of the possibility of multiple 
selectors when ikev2 is being used?

Thanks in advance
-nsmurthy




At 11:47 PM 2/25/2009, Paul Wouters wrote:
>On Wed, 25 Feb 2009, ss murthy nittala wrote:
>
>>Suppose if multiple IKE conns are defined using different destination
>>gateways.Can we specify separate leftsubnet,rightsubnet values for
>>each of these IKE connections?
>
>yes.
>
>>How do we associate them using
>>configuration commands.My idea is to direct different data flows
>>through different IKE tunnels.
>
>openswan automatically re-uses a phase1 if two conns share it. Other
>then that, it is just two different tunnels, so:
>
>conn one
>   left=1.2.3.4
>   right=5.6.7.8
>   leftsubnet=10.0.0.0/24
>   rightsubnet=10.0.1.0/24
>
>conn two
>   left=1.2.3.4
>   right=2.2.2.2
>   leftsubnet=10.10.10.0/24
>   rightsubnet=10.20.20.0/24
>
>conn three
>   left=1.2.3.4
>   right=2.2.2.2
>   leftsubnet=10.11.11.0/24
>   rightsubnet=10.20.20.0/24
>
>etc etc.
>
>Paul
>>Thanks in advance
>>-nsmurthy
>>
>>At 12:57 AM 2/25/2009, Paul Wouters wrote:
>>>On Tue, 24 Feb 2009, ss murthy nittala wrote:
>>>
>>>>In ipsec.conf configuration file we can specify the Gateway addresses
>>>>using the keywords left and right.But how do we configure multiple
>>>>gateway addresses ie..how can we configure multiple IKE records to
>>>>connect simultaneously to different destination gateways?
>>>
>>>Create another "conn connectionname" section.
>>>
>>>Paul
>>>_______________________________________________
>>>Users at openswan.org
>>>http://lists.openswan.org/mailman/listinfo/users
>>>Building and Integrating Virtual Private Networks with Openswan:
>>>http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>>
>>_______________________________________________
>>Users at openswan.org
>>http://lists.openswan.org/mailman/listinfo/users
>>Building and Integrating Virtual Private Networks with Openswan:
>>http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list