[strongSwan] IKEv1 and IP pools

Peter Sagerson psagers at ignorare.net
Wed Feb 15 18:22:45 CET 2012


That's great news, thanks! I think the reason I was confused by the wiki page is that it opens the address pools discussion with "The IKEv2 daemon charon supports address pools since version 4.2.1." and makes no further mention of IKEv1. I've updated the wiki page with the relevant pluto version number.


On Feb 15, 2012, at 9:12 AM, Tobias Brunner wrote:

> Hi Peter,
> 
>> The wiki page on virtual IPs[1] is a little coy, but
>> certainly seems to suggest that IP pools are a charon-only feature.
> 
> How so?  Regarding IKEv1 it states "The feature set is similar to that
> in IKEv2, but not all features are supported."
> 
>> This list message from Feb 2009[2] seems to confirm it quite clearly.
> 
> Well, that statement was written three years ago.  Granted the version
> you are using (4.3.2) is not much newer and the above statement still
> applies to it.  But a quick look into our changelog shows that support
> for virtual IP pools for IKEv1 was added in 4.4.0 (May 2010).
> 
>> So just to be clear, let's say I want to support a large number of
>> IKEv1 clients (think thousands of iPhones) with XAUTH/RSA. Is there
>> any practical way to do this with strongSwan?  
> 
> You have to use a newer version, but then you should be able to use
> rightsourceip=<net>/<bits> to define a subnet large enough to handle all
> the clients.
> 
> Regards,
> Tobias
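
The setup suggested in the reply above, as an added example that is not part of the original thread or of strongSwan's own documentation: an `ipsec.conf` connection for strongSwan 4.4.0 or later that serves IKEv1 XAUTH/RSA clients from a subnet-sized virtual IP pool. The connection name, the certificate file name and the 10.10.0.0/16 range are assumptions chosen for illustration.

```conf
# /etc/ipsec.conf fragment (constructed example; names and addresses are placeholders)
conn ios-xauth-rsa
    # IKEv1 handled by pluto; pool support for IKEv1 needs 4.4.0 or later
    keyexchange=ikev1
    # RSA certificate authentication followed by XAUTH, gateway acts as XAUTH server
    authby=xauthrsasig
    xauth=server
    left=%defaultroute
    # Hypothetical gateway certificate file name
    leftcert=gatewayCert.pem
    # Accept clients from any address
    right=%any
    # Virtual IP pool as <net>/<bits>; a /16 spans 65,536 addresses,
    # so size <bits> to the expected number of concurrent clients
    rightsourceip=10.10.0.0/16
    auto=add
```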
