[strongSwan] Listing multiple IP addresses on the rightsubnet

Mohammady Mahdy mohammady.mahdy at getmo.com
Tue Mar 27 09:51:04 CEST 2012


Thank you :)

-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
Sent: Tuesday, March 27, 2012 11:30 AM
To: Mohammady Mahdy
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Listing multiple IP addresses on the rightsubnet

The workaround is to define multiple connections:

conn c1
     also=c0
     rightsubnet=10.122.193.172/32
     auto=start

conn c2
     also=c0
     rightsubnet=110.124.196.172/32
     auto=start
...

conn c0
     left=..
     leftid=..
     right=..
     rightid=..
     ...

resulting in a single ISAKMP SA via Main Mode and multiple IPsec SAs via
Quick Mode.

Regards

Andreas


On 03/27/2012 07:07 AM, Mohammady Mahdy wrote:
> Thanks for your reply.
> 
> Is there a known workaround around this?
> 
> Thanks & Best Regards,
> Mahdy
> 
> -----Original Message-----
> From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]
> Sent: Monday, March 26, 2012 6:26 PM
> To: Mohammady Mahdy
> Cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] Listing multiple IP addresses on the 
> rightsubnet
> 
> Hello Mahdy,
> 
> this notation works with IKEv2 only.
> 
> Regards
> 
> Andreas
> 
> On 26.03.2012 10:53, Mohammady Mahdy wrote:
>> Hi,
>>
>> I've been given multiple IP addresses that are too diverse to fit in 
>> a reasonable sized subnet. I am using the same installation as a 
>> lan-to-lan gateway for multiple connections, and I don't wish to use 
>> an oversized subnet that might make life harder  in adding newer 
>> subnets in the future.
>>
>> Is there a way to put a list of IP addresses in the rightsubnet?
>>
>> I tried something like:
>>
>>
> rightsubnet=10.122.193.172/32,10.124.196.172/32,10.123.105.152/32,10.1
> 21.105
> .153/32,10.123.158.12/32,10.120.110.14/32
>>
>> It starts up fine but the first address only is recognized.
>>
>> Any ideas about the recommended configuration style to use?
>>
>> Thanks & Best Regards,
>>
>> Mahdy
> 
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications University of 
> Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
> 
> 


--
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications University of Applied
Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==



-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2114/4896 - Release Date: 03/26/12





More information about the Users mailing list