[strongSwan] Site2site VPN Config Examples

Holger Rauch Holger.Rauch at empic.de
Thu Nov 4 16:05:13 CET 2010

Hi Martin,

thanks a lot for your quick reply.

From: Martin Willi [martin at strongswan.org]
Sent: Thursday, November 04, 2010 15:39
To: Holger Rauch
Cc: users at lists.strongswan.org
Subject: RE: [strongSwan] Site2site VPN Config Examples

> [...]

> Windows XP supports L2TP over IPsec with IKEv1 only, so is a >completely
>different story. It works with our IKEv1 daemon, but I won't recommend
>it for a productive setup. And RADIUS is a no-go then from our side. You
>probably better look for a commercial client if this should work
>hassle-free with XP. But one capable of IKEv2 is hard to get!?

Well, I was thinking of using ShrewSoft's VPN client


but I haven't yet figured out whether it supports IKEv2.

> We have kinda Mac
>support, but using virtual IPs as you probably would use it with
>Win7/Linux doesn't work yet.

Concerning the IP assignments, I simply want to assign the machine (mostly laptops) the same IP the machine has when used at work, where we use fixed IP addresses. So, I want to do static IP address assignments based on the MAC address of the network interface for the road warrior setups. Is that possible? In case it is, it's easier to debug potential problems as it's easy to figure out the origin. Is there an example also for this kind of setup?

> [...]

> Using certificates is probably simpler.

Ok, I will probably go with certificates for authenticating the gatways against each other.

Thanks in advance & kind regards,


THE standard software for Aviation Authorities

This communication contains information which is confidential and may also be privileged. It is for the 
exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any 
distribution, copying or use of this communication or the information in it is strictly prohibited. If you have 
received this communication in error please notify us immediately by email or by telephone and then delete 
this email and any copies of it.
Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informationen enthalten. Wenn Sie nicht 
der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den 
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser 
Mail sind nicht gestattet.

More information about the Users mailing list