On 27.12.2016 16:15, Jim Thompson wrote: >> In it's initial state if_ipsec allows to use only one set of >> encryption parameters (because only one sainfo anonyumous is >> possible), so at this time it doesn't allow to create multiple >> tunnels with VPN hubs that use different cipers and/or transform >> sets, but as far as I understand this is subject to change and >> Andrey is already working on a support of this feature from >> ipsec-tools IKE daemon. > > pfSense (which you mention below) is using strongswan, so when > Andrey is finished with ipsec-tools, we will need to review his > changes and see what we can do for strongswan. > > I'm looking forward to the mutliple-tunnel support, which is > required for pfSense. There are no such limits. You can create multiple VTI interfaces. The problem is in with racoon configuration restrictions. It looks like ipsec-tools project is dead, I didn't received any replies from ipsec-tools-devel mailing list. I'm not aware how to configure strongswan, so if someone will not try to do this, I don't know when I will do this. -- WBR, Andrey V. ElsukovReceived on Tue Dec 27 2016 - 13:10:53 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:09 UTC