[strongSwan] Right hosts
Andreas Steffen
andreas.steffen at strongswan.org
Thu Jun 28 06:20:46 CEST 2012
Hi Pedro,
if Checkpoint supports IKEv2 then you could specify:
conn all
rightsubnet=192.168.1.35/32,192.168.1.36/32,192.168.1.37/32,192.168.1.38/32,192.168.1.39/32
With IKEv1 only
conn subnet
rightsubnet=192.168.1.34/29
or 6 separate IPsec SAs are possible
conn c1
rightsubnet=192.168.1.35/32
also=main
auto=start
conn c6
rightsubnet=192.168.1.39/32
also=main
auto=start
conn main
left=
leftsubnet=
right=
...
Regards
Andreas
On 06/27/2012 10:53 AM, Pedro José Bello Valiñas wrote:
> Hi all,
> We have a list of remote hosts with we want to communicate to through our
> tunnel (Strongswan - Checkpoint).
> For example:
> - 192.168.1.35/32
> - 192.168.1.36/32
> - 192.168.1.37/32
> - 192.168.1.38/32
> - 192.168.1.39/32
>
> Now, when we configure our Strongswan right conn parameter, what should we
> set there?
>
> Rightsubnet=192.168.1.34/29? (Altough 192.168.1.40/32 doesn't belong to the
> remote hosts we want to communicate through the tunnel?)
>
> Is there any way to specify a "closed" list of hosts?
>
> Regards,
> Pedro.
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list