[strongSwan] SS501, ikev1 and per host SA's ?
Kimmo Koivisto
koippa at gmail.com
Wed Oct 10 17:22:28 CEST 2012
Hello
I have SS501 and net2net scenario. I'm acting as initiator and
responder prefers IPV4 (SA per host) Phase 2 identities.
There are one C-class subnet (destination) that I need to tunnel from
one C-class (source), but how to do it with only one connection, I see
that left/rightsubnetwithin is not supported in 5.x.x.
How to configure
conn one
leftsubnet=10.0.0.0/24
rightsubnet=172.16.0.0/24
add=route
so that the result would be:
IPSec SA:
10.0.0.1/32[any protocol] <->172.16.0.1/32[any protocol]
10.0.0.1/32[any protocol] <->172.16.0.100/32[any protocol]
I did not find any "negotiate SA per host" options that would this.
Regards,
Kimmo
More information about the Users
mailing list