[strongSwan] vpn ipSec - IPSEC

Richard Andrews richard.andrews at symstream.com
Fri Aug 24 00:51:12 CEST 2012


IKEv2 has some helpful features here.

From what I've read, if you can use IKEv2 the rightsubnet can be a
comma-separated list allowing one IKE SA to manage the traffic-selectors of
these tunnels. Don't know if Cisco supports this.

See the ipsec.conf man page on leftsubnet.

If this isn't supported, maybe you can create multiple auth IDs
(different PSK for each ID) and link one traffic selector to each ID. I
think you could do this with N conn sections setting "leftid=..." and
with corresponding entries in ipsec.secrets. This smells like the wrong
way to do it and I would try to avoid it.


On Wed, 2012-08-22 at 16:32 -0300, Leandro . wrote:
> Good Afternoon,
> 
> I need to set up a VPN ipsec/psk with a partner, and the left side (me) is a
> subnet (/27) and the other side is just some hosts (starting with 5,
> maybe more in the future).
> The right side cannot be a subnet, but is mandatory in Cisco ACLs ...
> 
> Is this possible with strongSwan? Which scenario, of those in the UML tests
> (on the website), is applicable?
> 
> Thank you.
> 
> -- 
> Jefferson Leandro
> Curitiba - BR
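
The IKEv2 approach from the reply above, written out as an added example (not part of the original message and not taken from the strongSwan test scenarios). All addresses are constructed from documentation ranges, the conn name and the PSK are placeholders, and whether the Cisco peer accepts several traffic selectors on one connection is not confirmed in the thread.

```conf
# /etc/ipsec.conf  (constructed example)
config setup

conn partner
    # A comma-separated subnet list requires IKEv2. Per the ipsec.conf
    # man page, IKEv1 interprets only the first subnet of such a list.
    keyexchange=ikev2
    # Pre-shared key authentication, as in the original question.
    authby=secret
    # Assumed local gateway address and the local /27.
    left=203.0.113.1
    leftsubnet=192.0.2.0/27
    # Assumed address of the partner's gateway.
    right=203.0.113.2
    # One /32 per remote host keeps the traffic selectors as narrow as
    # the partner's ACL instead of widening them to a covering subnet.
    # A future host is added by appending another /32 here.
    rightsubnet=198.51.100.10/32,198.51.100.11/32,198.51.100.12/32,198.51.100.13/32,198.51.100.14/32
    auto=start

# /etc/ipsec.secrets  (constructed example; replace the placeholder)
203.0.113.1 203.0.113.2 : PSK "<long-random-shared-secret>"
```

After the tunnel is up, `ipsec statusall` shows which traffic selectors the peer actually accepted, which is the check for whether every listed host made it into the negotiated set.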






