[strongSwan] strongswan multiple iterations?

Thu Aug 4 16:49:16 CEST 2011

On Tuesday 12 July 2011 08:16:14 Martin Willi wrote:
> Hi,
> 
> > a) can two iterations of strongswan be run on the same network  -one on
> > the main router and the other on the ssh server?
> 
> Does the SSH server run on a dedicated box with a public IP? Then there
> is no reason why you couldn't run strongSwan on it.
> 
> > b) if a) is true, can ipsec traffic be routed directly to the ssh server
> > though the main router has the ipsec daemon running ?
> 
> If ESP and IKE traffic will be addressed to the SSH server, why not.
> 
> 
> But it is not clear to me why you'll need two IPsec gateways on your
> network and what you'd like to do with them...
> 
> Regards
> Martin

Thanks for your reply/  I have now adjusted the req  and is considering 
placing the sshD server inside the local network.  If I use    the latest 
version of strongswan and 'protocol selection'  as described  here:-

http://www.strongswan.org/uml/testresults/ikev2/protoport-dual/index.html
or here:-
http://www.strongswan.org/uml/testresults/ikev2/protoport-route/index.html

Speaking of ssh only,  would there not be additional  secutity if a connection 
for the ipsec-client/sshd-server  (in this case Alice) was described 
in the ipsec.conf file for the gateway?  And if so what would the resultant 
connection be in the ipsec.comf file for the rw-client  Carol?

(  In otherwords basically I want a setup where the  tummel; is   from the 
remote host to the sshD server inside the network )

#######

advice would be welcomed.

sincerely

lux-integ