[strongSwan] Listing multiple IP addresses on the rightsubnet

Andreas Steffen andreas.steffen at strongswan.org
Tue Mar 27 09:30:03 CEST 2012


The workaround is to define multiple connections:

conn c1
     also=c0
     rightsubnet=10.122.193.172/32
     auto=start

conn c2
     also=c0
     rightsubnet=110.124.196.172/32
     auto=start
...

conn c0
     left=..
     leftid=..
     right=..
     rightid=..
     ...

resulting in a single ISAKMP SA via Main Mode and multiple IPsec SAs via
Quick Mode.

Regards

Andreas


On 03/27/2012 07:07 AM, Mohammady Mahdy wrote:
> Thanks for your reply.
> 
> Is there a known workaround around this?
> 
> Thanks & Best Regards,
> Mahdy
> 
> -----Original Message-----
> From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
> Sent: Monday, March 26, 2012 6:26 PM
> To: Mohammady Mahdy
> Cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] Listing multiple IP addresses on the rightsubnet
> 
> Hello Mahdy,
> 
> this notation works with IKEv2 only.
> 
> Regards
> 
> Andreas
> 
> On 26.03.2012 10:53, Mohammady Mahdy wrote:
>> Hi,
>>
>> I've been given multiple IP addresses that are too diverse to fit in
>> a reasonable sized subnet. I am using the same installation as a 
>> lan-to-lan gateway for multiple connections, and I don't wish to use
>> an oversized subnet that might make life harder  in adding newer
>> subnets in the future.
>>
>> Is there a way to put a list of IP addresses in the rightsubnet?
>>
>> I tried something like:
>>
>>
> rightsubnet=10.122.193.172/32,10.124.196.172/32,10.123.105.152/32,10.121.105
> .153/32,10.123.158.12/32,10.120.110.14/32
>>
>> It starts up fine but the first address only is recognized.
>>
>> Any ideas about the recommended configuration style to use?
>>
>> Thanks & Best Regards,
>>
>> Mahdy
> 
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
> 
> 


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list