[strongSwan] Site2site VPN Config Examples

Holger Rauch Holger.Rauch at empic.de
Thu Nov 4 10:38:22 CET 2010


I want to set up a site2site VPN between a jail on my external firewall (DMZ aa.bb.cc/26 <-> Internet) and a jail on my internal firewall (DMZ aa.bb.cc/26 <-> internal network 10.xx/16), both running the current version of strongSwan (4.5.0). My main goal is that a road warrior can connect to the "outer end" of the site2site VPN and is "routed through" to the internal network so that the road warrior can use resources on hosts of the internal network.

Since both firewalls are running FreeBSD 8.1 and FreeBSD supports jails, I'm thinking of creating a jail on each of the firewalls and running the current version of strongSwan (4.5.0) within each of the two jails (as outlined above). The main reason I want to use jails is that I want to save money for two additional physical hosts (I'm aware that using physical hosts instead of jails would be more secure).

I've already been browsing through


and even though it contains many useful examples, I haven't yet found an example for configuring a site2site network with strongSwan. User authentication is supposed to be performed by a FreeRADIUS server; the RADIUS data is supposed to be stored in an LDAP DIT (OpenLDAP server most likely running on the same machine as the FreeRADIUS server).

Any recommendations, sample config files, pointers, etc. are most welcome.

In case you need any additional info please don't hesitate to ask. I'll provide it to the best of my knowledge.

Thanks in advance & kind regards,

