[strongSwan] How to route multiple networks over the same tunnel?

Andreas Steffen andreas.steffen at strongswan.org
Fri Nov 12 15:31:25 CET 2010 

Hello Carlos,

you can define as many networks as you like:

conn client_card_trans
         left=XXX.160.208.130
         leftid=XXX.160.208.130
         right=XXX.7.199.162
         rightid=XXX.7.199.162
         dpdaction=restart
         keyexchange=ikev1
         ike=aes256-sha1-modp1024
         esp=3des-md5
         pfsgroup=modp1024
         authby=secret

conn net1
	also=client_card_trans
         leftsubnet=172.31.0.0/24
         rightsubnet=XXX.7.197.253/32
	auto=start

conn net2
	also=client_card_trans
	leftsubnet=10.10.15.3/32
  	rightsubnet=172.31.4.0/24
	auto=start

First one IKE_SA between XXX.160.208.130 and XXX.7.199.162
is created during Main Mode and then two Quick Modes
follows which set up the IPsec SAs for the subnets.

Regards

Andreas

On 11/12/2010 12:49 PM, Carlos Xavier wrote:
> Hi.
> I got the following configuration up and running with Pluto.
>
> conn client_card_trans
>          left=XXX.160.208.130
>          leftsubnet=172.31.0.0/24
>          leftid=XXX.160.208.130
>          right=XXX.7.199.162
>          rightsubnet=XXX.7.197.253/32
>          rightid=XXX.7.199.162
>          dpdaction=restart
>          keyexchange=ikev1
>          ike=aes256-sha1-modp1024
>          esp=3des-md5
>          pfsgroup=modp1024
>          authby=secret
>          auto=start
>
> Now we need to add trafic comming by the right side from the network 172.31.4.0/24 and of the host
> 10.10.15.3/32.
>
> I know on Firewall1 it is possible because you create one group of objects and define it as a
> encryption domain, then they will use the same tunnel.
>
> Is that possible to route multiple networks on the same tunnel with StrongSwan?
> How can I make this configuration on StrongSwan?
>
> Regards,
> Carlos.

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Users mailing list