[strongSwan] IPsecSA encrypting traffic from any destination
vivek bairathi
bairathi.vivek at gmail.com
Fri May 7 11:20:54 CEST 2010
Hi,
I wanted to create an IPsec SA that would encrypt traffic from any
destination ( rightsubnet= any ). However, the following configuration is
not accepted by strongswan:-
conn IpSecSSEPlane
ikelifetime=24h
keyexchange=ikev2
keyingtries=%forever
keylife=90m
reauth=no
rekey=yes
mobike=no
rekeymargin=2m
ike=aes128-sha1-modp1024,3des-sha1-modp1024!
esp=aes128-sha1-modp1024,3des-sha1-modp1024!
authby=rsasig
right=10.10.10.2
left=20.20.20.21
* leftsubnet=15.15.15.5/32*
* rightsubnet=%any
* leftprotoport=%any
rightprotoport=%any
leftcert=/home/vivek/vivek/latestdir1/BTScert.pem
rightid=%any
auto=add
Not specifying the rightsubnet. replaces it with right/32.
Can you let me know how can I specify a connection that would encrypt
traffic from any destination ( right subnet)
Thanks,
Vivek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100507/52074650/attachment.html>
More information about the Users
mailing list