[strongSwan] Clients with identical networks?

Andreas Steffen andreas.steffen at strongswan.org
Mon Dec 3 20:19:31 CET 2012

Hi Jakob,

have a look at the following example scenario


which applies source NAT to two identical subnets using XFRM marks.

Best regards


On 03.12.2012 16:40, Jakob Curdes wrote:
> .. I have done quite a bit of research but I did not find a description 
> for my layout; or at least I did not find one which I understand to 
> describe my problem.
> I (will) have several roadwarriors with the same internal subnet; they 
> will all have to connect to one central IPSec hub. I need connectivity 
> in both directions, so a source NAT (done e.g. by updown script) does 
> not really help here as far as I see. I know that e.g. with Cisco you 
> can do a "two-way NAT" thing so that we can distinguish the subnets by 
> moving them on the client side. What would a solution with IPSec tools 
> look like?
> Regards,
> Jakob Curdes

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121203/b970a6fe/attachment.bin>

More information about the Users mailing list