Hi!
I need to add more that one subnet to IPSec policy.
I've tried something like this
src-address=192.168.50.0/24 src-port=any dst-address=10.6.6.0/24
dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp
tunnel=yes sa-src-address=my_wan_ip sa-dst-address=remote_ip
proposal=proposal2 priority=0
src-address=192.168.60.0/24 src-port=any dst-address=10.6.6.0/24
dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp
tunnel=yes sa-src-address=my_wan_ip sa-dst-address=remote_ip
proposal=proposal2 priority=0
But works only one (the first one). From asecond subnet I have no access to remote network. In logs (with ipsec debug) I didnt find ant errors.
Could you please help with it?
thanks.

sergioser, try instead of

level=require

Two IPSec tunnels from the same network

It is much easier to create GRE tunnel interface, protect it with IPSec and do all the routing via it instead of creating those complicated IPSec policies.

By the way, is plain IPSec tunnel interfaces are on the feature request list?

It is much easier to create GRE tunnel interface, protect it with IPSec and do all the routing via it instead of creating those complicated IPSec policies.

By the way, is plain IPSec tunnel interfaces are on the feature request list?

If you can, please provide some details about gre interface (link, doc etc). Can I use it without any changes on remote side?
Thanks.

sergioser, try

Code: Select all

level=unique

instead of

level=require

Two IPSec tunnels from the same network

Thanks. But its not my case