ipsec: allow tunnel isolation compatibility mode
At least FortiGate doesn't like meshing the phase 2 entries so instead isolete each phase 2 entry in its own tunnel. This is supposedly IKEv1 trickery, but it works... Also see: https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Multiple-subnets-per-SA Also see: https://lists.strongswan.org/pipermail/users/2013-March/004478.html
Showing
Please register or sign in to comment