On Fri, Feb 27, 2009 at 1:52 PM, Andrew Cotter
<andrew dot cotter at somersetcapital dot com> wrote:
>> -----Original Message-----
>> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
>> Sent: Friday, February 27, 2009 1:07 PM
>> To: m0n0wall at lists dot m0n0 dot ch
>> Subject: Re: [m0n0wall] Multiple IPSEC tunnels between two endpoints
>> You only need one tunnel, and appropriate routes and rules.
>> The tunnel is between the core router and the core router.
> So... Set up the one tunnel.
> 10.0.0.0/17 <---> 10.1.0.0/17
> Once that is up and running, add a static route to say
No, you were right initially. Static routes don't push traffic over
IPsec, the traffic has to match something in your SPD. Since your
subnets aren't CIDR-summarizable, you have to use parallel tunnels, as
Aside from the difference in local and remote networks, I believe you
may also have to use a different PSK for each. I don't recall for
sure; that's what I've done in the past and it works.
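
The point made in the reply above (traffic is only sent over IPsec when it matches an SPD selector pair, so non-summarizable subnets need parallel tunnels) can be checked with a short script. This is an added example, not part of the original thread and not m0n0wall code; the function names are hypothetical, and every network other than 10.0.0.0/17 and 10.1.0.0/17 is constructed for illustration.

```python
import ipaddress
from itertools import product

def summarize(subnets):
    """Smallest set of CIDR blocks covering exactly the given subnets."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets))

def required_selectors(local_subnets, remote_subnets):
    """One (local, remote) selector pair, i.e. one parallel tunnel, per block pair."""
    return list(product(summarize(local_subnets), summarize(remote_subnets)))

def spd_match(spd, src, dst):
    """Return the first selector pair covering the packet, or None (not sent over IPsec)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in spd:
        if s in local and d in remote:
            return local, remote
    return None

# Constructed sample networks; only 10.0.0.0/17 and 10.1.0.0/17 appear in the thread.
LOCAL = ["10.0.0.0/17", "172.16.5.0/24"]
REMOTE = ["10.1.0.0/17", "172.16.9.0/24"]

if __name__ == "__main__":
    single = required_selectors(["10.0.0.0/17"], ["10.1.0.0/17"])
    parallel = required_selectors(LOCAL, REMOTE)
    # A static route cannot change these results: only the selectors decide.
    for src, dst in [("10.0.3.4", "10.1.7.8"), ("172.16.5.10", "10.1.7.8")]:
        print(src, "->", dst, "| single tunnel:", spd_match(single, src, dst),
              "| parallel tunnels:", spd_match(parallel, src, dst))
    # Adjacent, aligned halves do summarize, so they would need only one tunnel.
    print("adjacent halves collapse to:", summarize(["10.0.0.0/18", "10.0.64.0/18"]))
```

A `None` result is the case worth auditing on a real gateway: that traffic matches no selector, so it is not sent through the tunnel no matter what the routing table says.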