On Fri, Feb 27, 2009 at 1:52 PM, Andrew Cotter <andrew dot cotter at somersetcapital dot com> wrote:
>> -----Original Message-----
>> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
>> Sent: Friday, February 27, 2009 1:07 PM
>> To: m0n0wall at lists dot m0n0 dot ch
>> Subject: Re: [m0n0wall] Multiple IPSEC tunnels between two endpoints
>>
>> You only need one tunnel, and appropriate routes and rules.
>> The tunnel is between the core router and the core router.
>
> So... Setup the one tunnel.
>
> 10.0.0.0/17 <---> 10.1.0.0/17
>
> Once that is up and running, add a static route to say
>

No, you were right initially. Static routes don't push traffic over IPsec; the traffic has to match something in your SPD. Since your subnets aren't CIDR-summarizable, you have to use parallel tunnels, as you're doing. Aside from the difference in local and remote networks, I believe you may also have to use a different PSK for each. I don't recall for sure; that's what I've done in the past and it works.