Todo #12180

closed

Feedback on Virtual Private Networks — IPsec — IPsec Configuration

Added by Viktor Gurov over 4 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html#advanced-options

Feedback:

Split Connections
(IKEv2 Only) When an IKEv2 tunnel has multiple Phase 2 definitions, by default the settings are collapsed in the IPsec configuration such that all P2 combinations are held in a single child SA.

Split Connections changes this behavior to be more like IKEv1, where each P2 is configured by the daemon as its own separate child SA.

Certain scenarios require this behavior, such as:

The remote peer does not properly handle multiple addresses in single traffic selectors. This is especially common in Cisco equipment.

not only Cisco equipment - also Checkpoint, Fortinet and Juniper

see:
https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Multiple-subnets-per-SA
https://wiki.strongswan.org/projects/strongswan/wiki/Checkpoint
https://wiki.strongswan.org/projects/strongswan/wiki/Fortinet
https://wiki.strongswan.org/projects/strongswan/wiki/Juniper
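
The difference between the collapsed and split layouts described in this ticket, as an added sketch in strongSwan `swanctl.conf` syntax. It is not part of the original ticket and not pfSense's generated configuration; the connection names, peer address and subnets are constructed for illustration.

```conf
connections {
    # Collapsed (default for IKEv2): both Phase 2 entries share one CHILD_SA,
    # so each traffic selector payload lists several subnets. A peer that
    # handles only one subnet per selector may narrow or reject this.
    # Note that the negotiated SA covers every local/remote combination,
    # including 10.1.0.0/24 <-> 192.168.20.0/24, not just the two P2 pairs.
    site-collapsed {
        version = 2
        remote_addrs = 198.51.100.10    # constructed peer address
        local {
            auth = psk
        }
        remote {
            auth = psk
        }
        children {
            all-p2 {
                local_ts = 10.1.0.0/24,10.2.0.0/24
                remote_ts = 192.168.10.0/24,192.168.20.0/24
            }
        }
    }

    # Split: one CHILD_SA per Phase 2 entry, each with a single local and a
    # single remote subnet, which is how IKEv1 Phase 2 behaves.
    site-split {
        version = 2
        remote_addrs = 198.51.100.10    # constructed peer address
        local {
            auth = psk
        }
        remote {
            auth = psk
        }
        children {
            p2-1 {
                local_ts = 10.1.0.0/24
                remote_ts = 192.168.10.0/24
            }
            p2-2 {
                local_ts = 10.2.0.0/24
                remote_ts = 192.168.20.0/24
            }
        }
    }
}
```

The two connections are alternatives for the same peer; only one of them would be loaded at a time.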
