On 27.12.2016 16:15, Jim Thompson wrote:
In its initial state if_ipsec allows to use only one set of
encryption parameters (because only one sainfo anonymous is
possible), so at this time it doesn't allow to create multiple
tunnels with VPN hubs that use different ciphers and/or transform
sets, but as far as I understand this is subject to change and
Andrey is already working on a support of this feature from
ipsec-tools IKE daemon.

pfSense (which you mention below) is using strongswan, so when
Andrey is finished with ipsec-tools, we will need to review his
changes and see what we can do for strongswan.

I'm looking forward to the multiple-tunnel support, which is
required for pfSense.

There are no such limits. You can create multiple VTI interfaces.
The problem is with racoon configuration restrictions. It looks like the ipsec-tools project is dead, I didn't receive any replies from the ipsec-tools-devel mailing list.

I'm not aware how to configure strongswan, so if someone will not try to do this, I don't know when I will do this.

--
WBR, Andrey V. Elsukov
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
