[strongSwan] Right hosts
Pedro José Bello Valiñas
pedro.bello at tic.alten.es
Wed Jul 4 11:23:15 CEST 2012
Hi again Andreas,
Any other configuration needed for this to work?
After establishing the communication using IKEv2, only the first IP in the
rightsubnet parameter is being routed through the tunnel. The second one is
going out of the tunnel.
rightsubnet=192.168.1.35/32,192.168.1.36/32
Any ideas?
Thanks again!!
-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]
Sent: Thursday, June 28, 2012 5:21
To: pedro.bello at tic.alten.es
CC: users at lists.strongswan.org
Subject: Re: [strongSwan] Right hosts
Hi Pedro,
if Checkpoint supports IKEv2 then you could specify:
conn all
    rightsubnet=192.168.1.35/32,192.168.1.36/32,192.168.1.37/32,192.168.1.38/32,192.168.1.39/32
With IKEv1 only
conn subnet
    rightsubnet=192.168.1.34/29
or 6 separate IPsec SAs are possible
conn c1
    rightsubnet=192.168.1.35/32
    also=main
    auto=start
conn c6
    rightsubnet=192.168.1.39/32
    also=main
    auto=start
conn main
    left=
    leftsubnet=
    right=
    ...
Regards
Andreas
On 06/27/2012 10:53 AM, Pedro José Bello Valiñas wrote:
> Hi all,
> We have a list of remote hosts with which we want to communicate through
> our tunnel (Strongswan - Checkpoint).
> For example:
> - 192.168.1.35/32
> - 192.168.1.36/32
> - 192.168.1.37/32
> - 192.168.1.38/32
> - 192.168.1.39/32
>
> Now, when we configure our Strongswan right conn parameter, what
> should we set there?
>
> Rightsubnet=192.168.1.34/29? (Although 192.168.1.40/32 doesn't belong
> to the remote hosts we want to communicate through the tunnel?)
>
> Is there any way to specify a "closed" list of hosts?
>
> Regards,
> Pedro.
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications University of Applied
Sciences Rapperswil CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
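Added example, not part of the original thread and not strongSwan code: a Python sketch that takes the five hosts from the question, lists the extra addresses a single covering rightsubnet would also select, and computes the smallest exact CIDR list for an IKEv2 rightsubnet or for one conn per block in the also=main layout quoted above. The function names are hypothetical, and whether the peer accepts the aggregated blocks as traffic selectors is an assumption.

```python
import ipaddress

# Constructed input: the five remote hosts listed in the question.
HOSTS = ["192.168.1.35", "192.168.1.36", "192.168.1.37",
         "192.168.1.38", "192.168.1.39"]

def covering_network(hosts):
    """Smallest single CIDR block that contains every listed host."""
    addrs = [ipaddress.ip_address(h) for h in hosts]
    first = min(addrs)
    net = ipaddress.ip_network(f"{first}/{first.max_prefixlen}")
    while not all(a in net for a in addrs):
        net = net.supernet()  # widen by one bit until all hosts fit
    return net

def unintended(hosts, net):
    """Addresses the single block selects that are not on the host list."""
    wanted = {ipaddress.ip_address(h) for h in hosts}
    return [a for a in net if a not in wanted]

def minimal_selectors(hosts):
    """Fewest CIDR blocks that cover exactly the listed hosts."""
    nets = [ipaddress.ip_network(h) for h in hosts]
    return list(ipaddress.collapse_addresses(nets))

def conn_sections(selectors, parent="main"):
    """One conn section per selector, inheriting the rest from `parent`."""
    sections = []
    for i, net in enumerate(selectors, 1):
        sections.append(f"conn c{i}\n"
                        f"    rightsubnet={net}\n"
                        f"    also={parent}\n"
                        f"    auto=start\n")
    return "\n".join(sections)

if __name__ == "__main__":
    block = covering_network(HOSTS)
    extra = ", ".join(str(a) for a in unintended(HOSTS, block))
    print(f"single block {block} also selects: {extra}")
    exact = minimal_selectors(HOSTS)
    print("rightsubnet=" + ",".join(str(n) for n in exact))
    print(conn_sections(exact))
```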