[strongSwan] strongswan routing
Andreas Steffen
andreas.steffen at strongswan.org
Wed Jun 15 09:29:14 CEST 2011
Hello Alexandre,
your configuration should look like this:
conn customer1
    rightid=<customer 1 ID>
    leftsubnet=<VLAN1>
    mark=10
    also=gateway
    auto=add

conn customer2
    rightid=<customer 2 ID>
    leftsubnet=<VLAN2>
    mark=20
    also=gateway
    auto=add

conn gateway
    right=%any
    left=<gateway IP or %any>
    leftcert=<gateway cert>
    leftid=<gateway ID>
    leftupdown=/etc/mark_updown

assuming that your clients have dynamic IP addresses so
that you must resort to the peer ID to identify the clients.
You then need a customized mark_updown script which uses
NETMAP to translate the peer networks based on the peer
identities. You can start from the following script:
http://git.strongswan.org/?p=strongswan.git;a=blob;f=testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown;h=c64158a2f876e79ae2f43c4342d3c2956b483a9d;hb=HEAD
although the scenario is slightly different.
Regards
Andreas
On 06/13/2011 03:10 PM, Alexandre Chapellon wrote:
> Here is something concrete:
>
>
> | customer1 LAN | ipsectun1                  VLAN1
> |_192.168.1/24__|============| STRONGSWAN |----------|_customer1_hosted_|
>                              |            |
>                              |    VPN     |
>                              |            |
> | 192.168.1/24  |============|__GATEWAY___|----------|_customer2_hosted_|
> |_customer2_LAN_| ipsectun2                  VLAN2
>
>
>
> Should be better... hopefully.
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
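
The mapping step described in the message above (peer identity to mark and NETMAP translation), sketched as an added example that is not part of the original post and is not the strongSwan test script it links to. The peer IDs and the 10.1.0.0/24 and 10.2.0.0/24 networks are constructed placeholders, and the sketch assumes decrypted packets already carry the mark of their connection.

```shell
#!/bin/sh
# Added example: peer IDs and translated networks below are constructed
# placeholders; the marks must equal the mark= values of the conn sections.
CUSTOMER_LAN="192.168.1.0/24"   # the LAN every customer uses behind its tunnel

# Map the authenticated peer identity to "<mark> <translated network>".
# The ID is only ever matched here, never pasted into a command line.
peer_profile() {
    case "$1" in
        customer1.example.org) echo "10 10.1.0.0/24" ;;
        customer2.example.org) echo "20 10.2.0.0/24" ;;
        *) return 1 ;;          # unknown identity: install nothing
    esac
}

# Print the iptables commands for one updown event.
# $1 = PLUTO_VERB, $2 = PLUTO_PEER_ID
netmap_rules() {
    case "$1" in
        up-client)   op="-A" ;;
        down-client) op="-D" ;;
        *) return 0 ;;          # other verbs need no translation rules
    esac
    profile=$(peer_profile "$2") || { echo "unknown peer ID" >&2; return 1; }
    mark=${profile%% *}
    net=${profile#* }
    # Decrypted traffic of this customer (carrying its mark): rewrite the
    # overlapping source network to the customer's unique one.
    echo "iptables -t nat $op POSTROUTING -m mark --mark $mark -s $CUSTOMER_LAN -j NETMAP --to $net"
    # Traffic addressed to the unique network: mark it so that it matches
    # this customer's IPsec policy, then map it back to the real LAN.
    echo "iptables -t mangle $op PREROUTING -d $net -j MARK --set-mark $mark"
    echo "iptables -t nat $op PREROUTING -d $net -j NETMAP --to $CUSTOMER_LAN"
}

# Called by the IKE daemon through leftupdown: print the rules for review.
if [ -n "${PLUTO_VERB:-}" ]; then
    netmap_rules "$PLUTO_VERB" "${PLUTO_PEER_ID:-}"
fi
```

The script prints the commands instead of running them, so the mapping for each peer ID can be checked before anything touches the firewall; a peer ID that is not in the table produces no rules and a non-zero exit status.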