[strongSwan] net2net without rightsubnet

刘棋星 liuqixing2005 at qq.com
Mon Feb 13 17:33:07 CET 2012 

Hi,all
         The roadwarriors alice and venus sitting behind the NAT router moon set up tunnels to gateway sun.
  
 
   
     The content of  ipsec.conf in the moon as :
 # /etc/ipsec.conf - strongSwan IPsec configuration file config setup 	plutostart=no conn %default 	ikelifetime=60m 	keylife=20m 	rekeymargin=3m 	keyingtries=1 	authby=secret 	keyexchange=ikev2 	mobike=no conn net-net 	left=192.168.0.1 	leftid=@moon.strongswan.org 	leftfirewall=yes 	right=192.168.0.2 	rightsubnet=10.2.0.0/16 	rightid=@sun.strongswan.org 	auto=add
          And the content of ipsec.conf in the moon as :
  
 # /etc/ipsec.conf - strongSwan IPsec configuration file config setup 	plutostart=no conn %default 	ikelifetime=60m 	keylife=20m 	rekeymargin=3m 	keyingtries=1 	authby=secret 	keyexchange=ikev2 	mobike=no conn net-net 	left=192.168.0.2 	leftsubnet=10.2.0.0/16 	leftid=@sun.strongswan.org 	leftfirewall=yes 	right=192.168.0.1 	rightid=@moon.strongswan.org 	auto=add     Maybe you  has found that  there is not a line "leftsubnet=10.1.0.0/16" in the ipsec.conf of moon,and there is aslo  not a line "rightsubnet=10.1.0.0/16" in the ipsec.conf of sun.    Now what I need is that :alice and moon can ping bob with the IPsec tunnel, ,and venus can ping winnettou without the IPsec tunnel ,the serious situation is that I only can modify the ipsec.conf of moon ,and  ban modifying the ipsec.conf of sun .This hard question has troubled me for a month ,I have found  many references,but I still can not solve this hard question , is there any method can solve this hard question ?May I solve this question by the iptables or modify the ipsec.conf of moon only ? Regards , 										Qixing Law
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120214/c9096b73/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 06EED9A6 at AFE86D12.433B394F.png
Type: application/octet-stream
Size: 35693 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120214/c9096b73/attachment.obj>

More information about the Users mailing list