[strongSwan] IP range support

Martin Willi martin at strongswan.org
Wed Feb 9 09:13:44 CET 2011

Hi Brian,

> I am using strongswan-4.2.8. I have a question I want to check with you: does
> this version have support for IP ranges like when
> set to left|right side?

4.2.8 supports IKEv1 only, and this protocol supports full subnets only.
Or is there an extension for arbitrary address ranges?

The newer IKEv2 supports such address ranges, and our daemon can
actually negotiate them. But:
 1) there is currently no way to configure such ranges in ipsec.conf
 2) the Linux kernel can handle policies with full subnets only

If a range is negotiated, it gets mapped to the next larger subnet.

> If not, does anyone have an idea to implement it?

It would require major effort to extend the kernel accordingly. So it
probably won't happen soon, unless somebody is willing to sponsor it.
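
The range-to-subnet mapping mentioned above, worked through as an added example (not part of the original message and not strongSwan code). It assumes "next larger subnet" means the smallest single subnet that encloses the range; the function names and sample ranges are constructed for illustration.

```python
import ipaddress

def enclosing_subnet(first, last):
    """Smallest single subnet containing every address from first to last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version or lo > hi:
        raise ValueError("range must be ordered and within one address family")
    # Bits at or below the highest differing bit cannot be part of a shared prefix.
    host_bits = (int(lo) ^ int(hi)).bit_length()
    base = (int(lo) >> host_bits) << host_bits
    net_cls = ipaddress.IPv4Network if lo.version == 4 else ipaddress.IPv6Network
    return net_cls((base, lo.max_prefixlen - host_bits))

def widening(first, last):
    """Compare a negotiated range with the subnet a subnet-only policy would use."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    subnet = enclosing_subnet(first, last)
    negotiated = int(hi) - int(lo) + 1
    return {
        "subnet": str(subnet),
        "negotiated": negotiated,
        # Addresses covered by the subnet that were never part of the range.
        "extra": subnet.num_addresses - negotiated,
        # Exact cover of the range using subnets only, with no excess.
        "exact_cidrs": [str(n) for n in ipaddress.summarize_address_range(lo, hi)],
    }

# Constructed sample ranges (documentation and private address space).
SAMPLE_RANGES = [
    ("10.0.0.5", "10.0.0.20"),          # unaligned range inside one /24
    ("192.168.0.250", "192.168.1.5"),   # short range crossing a /24 boundary
    ("10.1.0.0", "10.1.0.255"),         # range that is already a full subnet
    ("2001:db8::1", "2001:db8::ffff"),  # IPv6 range
]

if __name__ == "__main__":
    for first, last in SAMPLE_RANGES:
        r = widening(first, last)
        print(f"{first} - {last}: mapped to {r['subnet']}, "
              f"{r['extra']} extra of {r['negotiated'] + r['extra']} addresses, "
              f"exact cover needs {len(r['exact_cidrs'])} subnets")
```

A non-zero `extra` is address space a subnet-only policy would cover beyond what the peers negotiated, which is worth checking when a peer proposes a range; `exact_cidrs` lists the subnets that cover the range with no excess.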

