Good morning,
I am trying to connect two remote locations to our main responder. The
issue I am facing is that I can connect each site individually without
any issue, however, I cannot connect both sites at the same time. The
sites are connected to the Internet via dial-up connections with dynamic
IPs from the same provider. Hence, creating a specific peer rule for
each site doesn't work. Is there a way to have both sites connect to the
responder? With the confs as below, only site B can connect, while site
A fails since it uses the "main_to_siteB" conf on the responder. If I
add quick to the "main_to_siteA" conf on the responder, site A works but
B fails as it uses the site A config. Responder and both initiators run
on 6.6 stable.
Any help or suggestions are greatly appreciated.
Best,
Florian
The iked.conf for responder looks like this:

ikev2 'main_to_siteA' passive ipcomp esp \
        from 0.0.0.0/0 to 10.8.2.1/32 \
        from 0.0.0.0/0 to 192.168.30.0/24 \
        from 0.0.0.0/0 to 192.168.37.0/24 \
        from 0.0.0.0/0 to 10.253.0.0/24 \
        local A.B.C.D peer $provider \
        srcid A.B.C.D \
        psk "siteApass" \
        tag "$name-$id"

ikev2 'main_to_siteB' passive ipcomp esp \
        from 0.0.0.0/0 to 10.8.1.1/32 \
        from 0.0.0.0/0 to 192.168.41.0/24 \
        from 0.0.0.0/0 to 192.168.47.0/24 \
        local A.B.C.D peer $provider \
        srcid A.B.C.D \
        psk "siteBpass" \
        tag "$name-$id"

For site A:

ikev2 'site_a_to_main' active esp \
        from 10.8.2.1/32 to 0.0.0.0/0 \
        from 192.168.30.0/24 to 0.0.0.0/0 \
        from 192.168.37.0/24 to 0.0.0.0/0 \
        from 10.253.0.0/24 to 0.0.0.0/0 \
        peer A.B.C.D \
        srcid E.F.G.H \
        dstid A.B.C.D \
        psk "siteApass" \

For site B:

ikev2 'site_b_to_main' active esp \
        from 10.8.1.1/32 to 0.0.0.0/0 \
        from 192.168.41.0/24 to 0.0.0.0/0 \
        from 192.168.47.0/24 to 0.0.0.0/0 \
        peer A.B.C.D \
        srcid I.J.K.L \
        dstid A.B.C.D \
        psk "siteBpass" \