From 4d86bd4e6bc1a097aa58b47fd1115e32b50f1ef6 Mon Sep 17 00:00:00 2001
From: jdubois
Date: Wed, 26 Jun 2019 15:48:57 +0200
Subject: [PATCH] =?UTF-8?q?Plusieurs=20r=C3=A9seaux=20distants?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 HowtoIKED.md | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/HowtoIKED.md b/HowtoIKED.md
index 2f8b38c1..8a0e3ab2 100644
--- a/HowtoIKED.md
+++ b/HowtoIKED.md
@@ -67,7 +67,7 @@ ikev2 active esp \
 ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group modp4096 \
 childsa auth hmac-sha1 enc aes-256 group modp4096 \
 ikelifetime 86400 lifetime 3600 \
- psk "PKS-TO-CONFIGURE"
+ psk "PSK-TO-CONFIGURE"
 ~~~
 
 Test de la configuration :
@@ -86,6 +86,26 @@ Activation et démarrage de iked :
 
 Puis effectuer les mêmes actions sur l'autre passerelle.
 
+Dans le cas où l'on veut atteindre plusieurs réseaux locaux distants, il suffit d'ajouter une ligne `from $local_network to $remote_network_second \`, ce qui donne :
+
+~~~
+local_ip="192.0.2.254"
+local_network="203.0.113.0/25"
+
+remote_ip="198.51.100.254"
+remote_network="203.0.113.128/26"
+remote_network_second="203.0.113.192/26"
+
+ikev2 active esp \
+ from $local_network to $remote_network \
+ from $local_network to $remote_network_second \
+ local $local_ip peer $remote_ip \
+ ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group modp4096 \
+ childsa auth hmac-sha1 enc aes-256 group modp4096 \
+ ikelifetime 86400 lifetime 3600 \
+ psk "PSK-TO-CONFIGURE"
+~~~
+
 ## Administration
 
 ### Redémarrer les VPN