[strongSwan] Listing multiple IP addresses on the rightsubnet
Andreas Steffen
andreas.steffen at strongswan.org
Tue Mar 27 09:30:03 CEST 2012
The workaround is to define multiple connections:
conn c1
also=c0
rightsubnet=10.122.193.172/32
auto=start
conn c2
also=c0
rightsubnet=110.124.196.172/32
auto=start
...
conn c0
left=..
leftid=..
right=..
rightid=..
...
resulting in a single ISAKMP SA via Main Mode and multiple IPsec SAs via
Quick Mode.
Regards
Andreas
On 03/27/2012 07:07 AM, Mohammady Mahdy wrote:
> Thanks for your reply.
>
> Is there a known workaround around this?
>
> Thanks & Best Regards,
> Mahdy
>
> -----Original Message-----
> From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]
> Sent: Monday, March 26, 2012 6:26 PM
> To: Mohammady Mahdy
> Cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] Listing multiple IP addresses on the rightsubnet
>
> Hello Mahdy,
>
> this notation works with IKEv2 only.
>
> Regards
>
> Andreas
>
> On 26.03.2012 10:53, Mohammady Mahdy wrote:
>> Hi,
>>
>> I've been given multiple IP addresses that are too diverse to fit in
>> a reasonable sized subnet. I am using the same installation as a
>> lan-to-lan gateway for multiple connections, and I don't wish to use
>> an oversized subnet that might make life harder in adding newer
>> subnets in the future.
>>
>> Is there a way to put a list of IP addresses in the rightsubnet?
>>
>> I tried something like:
>>
>>
> rightsubnet=10.122.193.172/32,10.124.196.172/32,10.123.105.152/32,10.121.105
> .153/32,10.123.158.12/32,10.120.110.14/32
>>
>> It starts up fine but the first address only is recognized.
>>
>> Any ideas about the recommended configuration style to use?
>>
>> Thanks & Best Regards,
>>
>> Mahdy
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list