Discussion:
[strongSwan-dev] [strongSwan] strongswan 4.5.2 multiple right subnets
Andreas Steffen
2016-06-16 07:50:34 UTC
Hi Jayapal,

The IKEv1 protocol does not support comma-separated subnets, so your
problem is independent of the strongSwan version. You must set up a
separate connection definition for each subnet.

Regards

Andreas
Post by Jayapal Reddy
Hi,
I am using strongswan ipsec 4.5.2. In this version multiple right
subnets with comma (,) separated is working only for the first subnet.
We have a setup where we upgraded from openswan to strongswan. In this
setup only the first right subnet is working.
We are using left side Debian virtual router and right side Juniper SRX
and we are using ikev1. We can't split that into multiple connections
because right side Juniper SRX config can't be changed because it is in
customer location.
Can someone suggest us how to resolve this. Is there a patch available
for this?
I have tried strongswan 5.2 from backports. In this setup my tunnel is
not coming up.
It is a bit urgent, your inputs are highly appreciated.
Thanks,
Jayapal
======================================================================
Andreas Steffen ***@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
Jayapal Reddy
2016-06-16 09:35:22 UTC
Hi Andreas,

Thanks for your reply.
Earlier we were using openswan where in the config 'keyexchange=ike' is set
(which is ikev1, correct me if I am wrong). In openswan multiple subnets
with comma separated worked.

In strongswan if we set up a connection for each subnet, a separate tunnel
will be created for each connection. For connection status, bring up/down
we need to do on each connection. Earlier in openswan we used to manage as
a single connection.

Is there any way to manage it as a single VPN connection or tunnel?

Thanks,
Jayapal



Jayapal Reddy
2016-06-17 05:03:51 UTC
Hi Andreas,

Any ideas on managing it as a single VPN connection?

Thanks,
Jayapal
Andreas Steffen
2016-06-17 03:42:48 UTC
Just use IKEv2 then you can have concatenated subnets.

Andreas
--
======================================================================
Andreas Steffen ***@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
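
The two options discussed in this thread, written out as an ipsec.conf sketch. This is an added example, not a configuration posted by anyone in the thread; the connection names, addresses (documentation and private ranges) and the authby/auto choices are assumptions.

```conf
# /etc/ipsec.conf  (constructed example)

# Settings shared by every connection to the same peer.
# No auto= here, so this section is never loaded on its own
# (the default is auto=ignore); it is only pulled in via also=.
conn srx-base
    left=192.0.2.1              # local gateway (assumed address)
    leftsubnet=10.1.0.0/16      # local network (assumed)
    right=198.51.100.1          # remote Juniper SRX (assumed address)
    authby=secret

# --- Option 1: IKEv1, one connection definition per remote subnet ---
# An IKEv1 Quick Mode exchange carries a single pair of client IDs,
# so each remote subnet needs its own conn section.
conn srx-net1
    also=srx-base
    keyexchange=ikev1
    rightsubnet=10.2.1.0/24
    auto=start

conn srx-net2
    also=srx-base
    keyexchange=ikev1
    rightsubnet=10.2.2.0/24
    auto=start

# --- Option 2: IKEv2, one connection with a comma-separated list ---
# Use this instead of option 1 only if the peer also speaks IKEv2.
# Left commented out so both options are not loaded together.
#conn srx-all
#    also=srx-base
#    keyexchange=ikev2
#    rightsubnet=10.2.1.0/24,10.2.2.0/24
#    auto=start
```

With option 1 each subnet is brought up, taken down and reported under its own connection name (srx-net1, srx-net2), which is the per-connection handling described earlier in the thread.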