[strongSwan] Strongswan 4.5.1 sqlite database passthrough
Martin Willi
martin at strongswan.org
Fri Jun 24 16:41:30 CEST 2011
> Is it possible to do that with traffic_selectors and peer_configs
> tables ?
Yes, you can associate as many traffic_selectors using
child_config_traffic_selector to child_configs as you need.
> In traffic_selectors table, fields to be filled are start_address and
> end_address but you mean it must be network and broadcast addresses ?
You can define ranges in the sql backend and negotiate them with IKEv2.
Unfortunately, the Linux kernel supports full subnets only. Non-subnet
ranges are mapped to the next matching subnet while installing the
policies.
> How can we have route exception ?
You can't. But you could install the required routes manually, and
disable automatic route installation by charon using strongswan.conf:
charon {
    install_routes = no
}
Regards
Martin
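
Added example, not part of the original message or of strongSwan's code: a check of how far a start/end range stored in traffic_selectors is widened when it is mapped to a subnet, so the extra addresses covered by the installed policy can be reviewed. It assumes "next matching subnet" means the smallest subnet containing both ends of the range; the function names and sample ranges are constructed.

```python
import ipaddress


def enclosing_subnet(start, end):
    """Return the smallest CIDR network containing start..end (inclusive)."""
    lo = ipaddress.ip_address(start)
    hi = ipaddress.ip_address(end)
    if lo.version != hi.version:
        raise ValueError("start and end must be the same address family")
    if int(lo) > int(hi):
        raise ValueError("start address is above end address")
    bits = lo.max_prefixlen
    # The leading bits shared by both ends form the prefix; everything from
    # the first differing bit downwards becomes host bits.
    prefix_len = bits - (int(lo) ^ int(hi)).bit_length()
    mask = ((1 << bits) - 1) ^ ((1 << (bits - prefix_len)) - 1)
    net_cls = ipaddress.IPv4Network if lo.version == 4 else ipaddress.IPv6Network
    return net_cls((int(lo) & mask, prefix_len))


def widening(start, end):
    """Return (subnet, extra): extra = addresses in subnet outside the range."""
    net = enclosing_subnet(start, end)
    in_range = int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1
    return net, net.num_addresses - in_range


if __name__ == "__main__":
    # Constructed sample ranges, as they might be stored as start/end pairs.
    samples = [
        ("10.0.0.10", "10.0.0.20"),       # small range inside one /27
        ("192.168.1.0", "192.168.1.255"), # already a full subnet
        ("10.0.0.127", "10.0.0.128"),     # two hosts straddling a /25 boundary
        ("2001:db8::1", "2001:db8::2"),   # IPv6 range
    ]
    for start, end in samples:
        net, extra = widening(start, end)
        print(f"{start} - {end} -> {net} ({extra} extra addresses)")
```

A range that straddles a power-of-two boundary widens the most: the two-host range 10.0.0.127 to 10.0.0.128 ends up covered by a /24.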