On Tue, Dec 27, 2016 at 6:10 AM, Andrey V. Elsukov <bu7cher_at_yandex.ru> wrote: > On 27.12.2016 16:15, Jim Thompson wrote: > >> In it's initial state if_ipsec allows to use only one set of >>> encryption parameters (because only one sainfo anonyumous is >>> possible), so at this time it doesn't allow to create multiple >>> tunnels with VPN hubs that use different cipers and/or transform >>> sets, but as far as I understand this is subject to change and >>> Andrey is already working on a support of this feature from >>> ipsec-tools IKE daemon. >>> >> >> pfSense (which you mention below) is using strongswan, so when >> Andrey is finished with ipsec-tools, we will need to review his >> changes and see what we can do for strongswan. >> >> I'm looking forward to the mutliple-tunnel support, which is >> required for pfSense. >> > > There are no such limits. You can create multiple VTI interfaces. > The problem is in with racoon configuration restrictions. It looks like > ipsec-tools project is dead, I didn't received any replies from > ipsec-tools-devel mailing list. > > I'm not aware how to configure strongswan, so if someone will not try to > do this, I don't know when I will do this. > > Strongswan already supports this. Just the FreeBSD code for it is not there due to the missing feature until now. > -- > WBR, Andrey V. Elsukov > _______________________________________________ > freebsd-net_at_freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe_at_freebsd.org" > > -- > Ermal >Received on Wed Dec 28 2016 - 03:08:50 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:09 UTC