[strongSwan] 答复: IP range support
Chester Chen - 陈朝包
Chester.Chen at mitrastar.cn
Tue Feb 14 08:57:15 CET 2012
Dear Tobias,
Thanks for your reply.
Now I have an other question: If I want to add a parameter (like leftiprange,rightiprange)in ipsec.conf,
and I hope the parameters can be accepted by strongswan, how can I implement it?
-----邮件原件-----
发件人: Tobias Brunner [mailto:tobias at strongswan.org]
发送时间: 2012年2月8日 18:14
收件人: Chester Chen - 陈朝包
抄送: users at lists.strongswan.org
主题: Re: [strongSwan] IP range support
Hi Chester,
> I am using strongswan-4.2.8, I have a question want to check you, does
> this version have support IP range like 192.168.2.3-192.168.2.233 when
> set to left|right side?
No, we currently don't support arbitrary address ranges. Such ranges
are simply mapped to the smallest subnet containing at least all the
addresses (192.168.2.0/24 in your case).
> If not does any one have an idea to implement it?
You have to manually split your range into multiple subnets and use
these in left|rightsubnet. For your range this would give you a list of
10 subnets:
192.168.2.3/32, 192.168.2.4/30, 192.168.2.8/29, 192.168.2.16/28,
192.168.2.32/27, 192.168.2.64/26, 192.168.2.128/26, 192.168.2.192/27,
192.168.2.224/29, 192.168.2.232/31
I just added a ticket for this [1], so we will probably add support for
address ranges in one of our next releases.
Regards,
Tobias
[1] http://wiki.strongswan.org/issues/173
More information about the Users
mailing list