[strongSwan] One IPsec client talk to another through the SeGW ?
graham.hudspith at gmail.com
Fri Mar 4 13:48:25 CET 2011
Thanks for that. Unfortunately, all of these abstract labels are making my
head hurt. Let's try some real numbers.

Host A and Host B have local IP addresses in the 192.16.50.xxx subnet.

The SeGW has an unsecure IP address (i.e. on eth0) in the 172.16.xxx.xxx
subnet and a secure IP address (i.e. on eth1) in the 172.17.xxx.xxx subnet.

The SeGW is configured to hand out virtual IP addresses to Hosts A and B
using the 10.15.xxx.xxx subnet.

So, we want Host A to be able to talk to other entities in the 10.15.xxx.xxx
subnet using IPsec (i.e. Host A <-> Host B via SeGW) and ALSO we want Host A
and Host B to be able to talk to entities on the secure side of the SeGW
(i.e. other servers on the 172.17.xxx.xxx subnet).

So, currently, on the SeGW we have:

Does this make sense?

On 4 March 2011 10:58, Andreas Steffen <andreas.steffen at strongswan.org> wrote:
> this is an easy one:
> ipsec.conf of host A:
> conn a-b
> ipsec.conf of gateway GW:
> conn a-gw
> conn b-gw
> ipsec.conf of host B
> conn b-a