[strongSwan] is it possible?
Andrew Zhoglo
andrew.zhoglo at gmail.com
Wed Sep 12 15:07:51 CEST 2012
Hi,
I have two main offices, E and W, and two small offices, N and S.
Only the main offices have tunnels to all of the other offices.
Now I need access from N to S (and from S to W) without defining a
direct connection between those two sites in ipsec.conf. Is that possible?
Sorry for my English.
ipsec.conf from E (main office; gateway a.b.1.1, LAN 192.168.0.0/24):
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
    # Only the IKEv2 daemon (charon) runs; pluto (IKEv1) stays disabled.
    charonstart=yes
    plutostart=no
    # nat_traversal is a pluto-only option; charon always supports NAT-T,
    # so with plutostart=no this line has no effect.
    nat_traversal=no
    # Revocation checking is left at the daemon defaults (peers below are
    # pinned by certificate, see rightcert in each conn).
    # strictcrlpolicy=yes
    # crlcheckinterval=600
    # cachecrls=yes
    # plutodebug=all
conn %default
    # Settings inherited by every conn below. Peers authenticate with RSA
    # signatures over pre-distributed certificates; the private key for
    # leftcert is expected in ipsec.secrets (not shown here).
    keyexchange=ikev2
    authby=rsasig
    left=a.b.1.1
    leftid="E IPSec Server"
    leftcert=E_pub.pem
    # Lifetimes: IKE SA 2h, CHILD SA 8h, rekey 10m early with 25% jitter.
    ikelifetime=2h
    keylife=8h
    rekeymargin=10m
    rekeyfuzz=25%
    # PFS on CHILD SA rekeying (newer releases express this as a DH group
    # in esp= instead); no IPComp.
    pfs=yes
    compress=no
    # keyingtries=0 means "retry forever" (%forever).
    keyingtries=0
    # Gateway addresses are static, so MOBIKE is not needed.
    mobike=no
    # On DPD timeout keep the policy installed (traffic is trapped and
    # re-triggers negotiation instead of the SA silently disappearing).
    dpdaction=hold
    # NOTE(review): no ike=/esp= proposals are set, so the negotiated cipher
    # suites are whatever this strongSwan release defaults to; pin them
    # explicitly if the defaults are not acceptable.
# --- Hub-to-hub tunnel: E (192.168.0.0/24) <-> W (192.168.10.0/24) ---
conn E2W
    leftsubnet=192.168.0.0/24
    right=a.b.2.1
    rightid="W IPSec Server"
    rightcert=W_pub.pem
    rightsubnet=192.168.10.0/24
    # Repeated from %default; kept for readability.
    compress=no
    keyingtries=0
    auto=start
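# --- Hub-to-spoke tunnel: E <-> N (192.168.1.0/24) ---
# E carries N<->S transit, so besides its own LAN it advertises S's subnet
# to N. N's own 192.168.1.0/24 must NOT appear in leftsubnet (a /23 would
# include it), so the two prefixes are listed individually; comma-separated
# subnet lists are an IKEv2 feature (keyexchange=ikev2 is set in %default).
# The peer's rightsubnet must list the same prefixes; if it lists fewer,
# IKEv2 narrows the traffic selectors to the intersection.
# Transit also needs IP forwarding enabled on E (net.ipv4.ip_forward=1).
conn E2N
    leftsubnet=192.168.0.0/24,192.168.11.0/24
    right=a.b.3.1
    rightid="N IPSec Server"
    rightcert=N_pub.pem
    rightsubnet=192.168.1.0/24
    compress=no
    keyingtries=0
    auto=start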
# --- Hub-to-spoke tunnel: E <-> S (192.168.11.0/24) ---
# leftsubnet 192.168.0.0/23 = 192.168.0.0/24 (E) + 192.168.1.0/24 (N):
# S reaches N through E, so E needs IP forwarding enabled.
# NOTE(review): a packet that arrives over one tunnel and matches no
# outbound IPsec policy on E is not dropped by strongSwan; the kernel
# forwards it by the ordinary routing table, i.e. unprotected. E's forward
# firewall should only pass inter-site traffic that is IPsec-protected.
conn E2S
    leftsubnet=192.168.0.0/23
    right=a.b.4.1
    rightid="S IPSec Server"
    rightcert=S_pub.pem
    rightsubnet=192.168.11.0/24
    compress=no
    keyingtries=0
    auto=start
# Opportunistic-encryption section names inherited from Openswan
# (block/private/clear/packetdefault). auto=ignore makes them inert;
# charon (IKEv2) has no opportunistic encryption, so they could be removed.
conn packetdefault
    auto=ignore
conn clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn private-or-clear
    auto=ignore
conn private
    auto=ignore
conn block
    auto=ignore
ipsec.conf from W (main office; gateway a.b.2.1, LAN 192.168.10.0/24):
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
    # Only the IKEv2 daemon (charon) runs; pluto (IKEv1) stays disabled.
    charonstart=yes
    plutostart=no
    # nat_traversal is a pluto-only option; charon always supports NAT-T,
    # so with plutostart=no this line has no effect.
    nat_traversal=no
    # Revocation checking is left at the daemon defaults (peers below are
    # pinned by certificate, see rightcert in each conn).
    # strictcrlpolicy=yes
    # crlcheckinterval=600
    # cachecrls=yes
    # plutodebug=all
conn %default
    # Settings inherited by every conn below. Peers authenticate with RSA
    # signatures over pre-distributed certificates; the private key for
    # leftcert is expected in ipsec.secrets (not shown here).
    keyexchange=ikev2
    authby=rsasig
    left=a.b.2.1
    leftid="W IPSec Server"
    leftcert=W_pub.pem
    # %cert takes the public key from the certificate. This is normally the
    # default, so these two lines are most likely redundant but harmless.
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    # Lifetimes: IKE SA 2h, CHILD SA 8h, rekey 10m early with 25% jitter.
    ikelifetime=2h
    keylife=8h
    rekeymargin=10m
    rekeyfuzz=25%
    # PFS on CHILD SA rekeying (newer releases express this as a DH group
    # in esp= instead); no IPComp.
    pfs=yes
    compress=no
    # keyingtries=0 means "retry forever" (%forever).
    keyingtries=0
    # Gateway addresses are static, so MOBIKE is not needed.
    mobike=no
    # On DPD timeout keep the policy installed (traffic is trapped and
    # re-triggers negotiation instead of the SA silently disappearing).
    dpdaction=hold
    # NOTE(review): no ike=/esp= proposals are set, so the negotiated cipher
    # suites are whatever this strongSwan release defaults to; pin them
    # explicitly if the defaults are not acceptable.
# --- Hub-to-hub tunnel: W (192.168.10.0/24) <-> E (192.168.0.0/24) ---
conn W2E
    leftsubnet=192.168.10.0/24
    right=a.b.1.1
    rightid="E IPSec Server"
    rightcert=E_pub.pem
    rightsubnet=192.168.0.0/24
    # Repeated from %default; kept for readability.
    compress=no
    keyingtries=0
    auto=start
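# --- Hub-to-spoke tunnel: W <-> N (192.168.1.0/24) ---
# Only W's own LAN is advertised here. The previous 192.168.10.0/23 also
# claimed S's 192.168.11.0/24, but W2S does not allow 192.168.1.0/24 as a
# source towards S, so N->S traffic sent to W matched no onward policy.
# N<->S transit is not routed through W; keep the selector to /24 so N
# does not end up with two competing policies for S's subnet.
conn W2N
    leftsubnet=192.168.10.0/24
    right=a.b.3.1
    rightid="N IPSec Server"
    rightcert=N_pub.pem
    rightsubnet=192.168.1.0/24
    compress=no
    keyingtries=0
    auto=start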
# --- Hub-to-spoke tunnel: W <-> S (192.168.11.0/24) ---
# Only W's own LAN is advertised; N<->S transit is not routed through W.
conn W2S
    leftsubnet=192.168.10.0/24
    right=a.b.4.1
    rightid="S IPSec Server"
    rightcert=S_pub.pem
    rightsubnet=192.168.11.0/24
    # Repeated from %default; kept for readability.
    compress=no
    keyingtries=0
    auto=start
# Opportunistic-encryption section names inherited from Openswan
# (block/private/clear/packetdefault). auto=ignore makes them inert;
# charon (IKEv2) has no opportunistic encryption, so they could be removed.
conn packetdefault
    auto=ignore
conn clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn private-or-clear
    auto=ignore
conn private
    auto=ignore
conn block
    auto=ignore
ipsec.conf from N (small office; gateway a.b.3.1, LAN 192.168.1.0/24):
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
    # Only the IKEv2 daemon (charon) runs; pluto (IKEv1) stays disabled.
    charonstart=yes
    plutostart=no
    # nat_traversal is a pluto-only option; charon always supports NAT-T,
    # so with plutostart=no this line has no effect.
    nat_traversal=no
    # Revocation checking is left at the daemon defaults (peers below are
    # pinned by certificate, see rightcert in each conn).
    # strictcrlpolicy=yes
    # crlcheckinterval=600
    # cachecrls=yes
    # plutodebug=all
conn %default
    # Settings inherited by every conn below. Peers authenticate with RSA
    # signatures over pre-distributed certificates; the private key for
    # leftcert is expected in ipsec.secrets (not shown here).
    keyexchange=ikev2
    authby=rsasig
    left=a.b.3.1
    leftid="N IPSec Server"
    leftcert=N_pub.pem
    # %cert takes the public key from the certificate. This is normally the
    # default, so these two lines are most likely redundant but harmless.
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    # Lifetimes: IKE SA 2h, CHILD SA 8h, rekey 10m early with 25% jitter.
    ikelifetime=2h
    keylife=8h
    rekeymargin=10m
    rekeyfuzz=25%
    # PFS on CHILD SA rekeying (newer releases express this as a DH group
    # in esp= instead); no IPComp.
    pfs=yes
    compress=no
    # keyingtries=0 means "retry forever" (%forever).
    keyingtries=0
    # Gateway addresses are static, so MOBIKE is not needed.
    mobike=no
    # On DPD timeout keep the policy installed (traffic is trapped and
    # re-triggers negotiation instead of the SA silently disappearing).
    dpdaction=hold
    # NOTE(review): no ike=/esp= proposals are set, so the negotiated cipher
    # suites are whatever this strongSwan release defaults to; pin them
    # explicitly if the defaults are not acceptable.
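# --- Spoke-to-hub tunnel: N (192.168.1.0/24) <-> W (192.168.10.0/24) ---
# Only W's own LAN is reachable over this tunnel. The previous
# 192.168.10.0/23 also covered S's 192.168.11.0/24, which sent N->S
# packets to W although W has no onward policy for them; S is reached
# through E instead, so this selector must not overlap that path.
conn N2W
    leftsubnet=192.168.1.0/24
    right=a.b.2.1
    rightid="W IPSec Server"
    rightcert=W_pub.pem
    rightsubnet=192.168.10.0/24
    compress=no
    keyingtries=0
    auto=start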
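# --- Spoke-to-hub tunnel: N (192.168.1.0/24) <-> E (192.168.0.0/24) ---
# E is the transit hub for N<->S, so S's subnet is reached through this
# tunnel as well. A single /23 cannot express "E + S" (and must never
# include N's own subnet), hence the comma-separated list; such lists are
# an IKEv2 feature (keyexchange=ikev2 is set in %default).
# E's leftsubnet must list the same prefixes; if it lists fewer, IKEv2
# narrows the traffic selectors to the intersection and S stays
# unreachable over this tunnel. E also needs IP forwarding enabled.
conn N2E
    leftsubnet=192.168.1.0/24
    right=a.b.1.1
    rightid="E IPSec Server"
    rightcert=E_pub.pem
    rightsubnet=192.168.0.0/24,192.168.11.0/24
    compress=no
    keyingtries=0
    auto=start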
# Opportunistic-encryption section names inherited from Openswan
# (block/private/clear/packetdefault). auto=ignore makes them inert;
# charon (IKEv2) has no opportunistic encryption, so they could be removed.
conn packetdefault
    auto=ignore
conn clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn private-or-clear
    auto=ignore
conn private
    auto=ignore
conn block
    auto=ignore
ipsec.conf from S (small office; gateway a.b.4.1, LAN 192.168.11.0/24):
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
    # Only the IKEv2 daemon (charon) runs; pluto (IKEv1) stays disabled.
    charonstart=yes
    plutostart=no
    # nat_traversal is a pluto-only option; charon always supports NAT-T,
    # so with plutostart=no this line has no effect.
    nat_traversal=no
    # Revocation checking is left at the daemon defaults (peers below are
    # pinned by certificate, see rightcert in each conn).
    # strictcrlpolicy=yes
    # crlcheckinterval=600
    # cachecrls=yes
    # plutodebug=all
conn %default
    # Settings inherited by every conn below. Peers authenticate with RSA
    # signatures over pre-distributed certificates; the private key for
    # leftcert is expected in ipsec.secrets (not shown here).
    keyexchange=ikev2
    authby=rsasig
    left=a.b.4.1
    leftid="S IPSec Server"
    leftcert=S_pub.pem
    # A site-specific updown script is currently disabled; the stock
    # _updown script is used instead.
    # leftupdown=/usr/local/lib/ipsec/_updown.x509.my
    # %cert takes the public key from the certificate. This is normally the
    # default, so these two lines are most likely redundant but harmless.
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    # Lifetimes: IKE SA 2h, CHILD SA 8h, rekey 10m early with 25% jitter.
    ikelifetime=2h
    keylife=8h
    rekeymargin=10m
    rekeyfuzz=25%
    # PFS on CHILD SA rekeying (newer releases express this as a DH group
    # in esp= instead); no IPComp.
    pfs=yes
    compress=no
    # keyingtries=0 means "retry forever" (%forever).
    keyingtries=0
    # Gateway addresses are static, so MOBIKE is not needed.
    mobike=no
    # On DPD timeout keep the policy installed (traffic is trapped and
    # re-triggers negotiation instead of the SA silently disappearing).
    dpdaction=hold
    # NOTE(review): no ike=/esp= proposals are set, so the negotiated cipher
    # suites are whatever this strongSwan release defaults to; pin them
    # explicitly if the defaults are not acceptable.
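# --- Spoke-to-hub tunnel: S (192.168.11.0/24) <-> E (192.168.0.0/24) ---
# BUG FIX: rightid/rightcert previously named S's own identity
# ("S IPSec Server" / S_pub.pem). The peer of this conn is E, so its
# identity must be checked against E's certificate; otherwise IKE_AUTH
# with E cannot succeed, and a mis-pinned peer identity is exactly the
# check that prevents a different host from impersonating the hub.
# rightsubnet 192.168.0.0/23 = 192.168.0.0/24 (E) + 192.168.1.0/24 (N):
# N is reached through E, so it must match E's leftsubnet for this conn.
conn S2E
    leftsubnet=192.168.11.0/24
    right=a.b.1.1
    rightid="E IPSec Server"
    rightcert=E_pub.pem
    rightsubnet=192.168.0.0/23
    compress=no
    keyingtries=0
    auto=start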
# --- Spoke-to-hub tunnel: S (192.168.11.0/24) <-> W (192.168.10.0/24) ---
# Only W's own LAN is reachable here; traffic to N does not go via W.
conn S2W
    leftsubnet=192.168.11.0/24
    right=a.b.2.1
    rightid="W IPSec Server"
    rightcert=W_pub.pem
    rightsubnet=192.168.10.0/24
    # Repeated from %default; kept for readability.
    compress=no
    keyingtries=0
    auto=start
# Opportunistic-encryption section names inherited from Openswan
# (block/private/clear/packetdefault). auto=ignore makes them inert;
# charon (IKEv2) has no opportunistic encryption, so they could be removed.
conn packetdefault
    auto=ignore
conn clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn private-or-clear
    auto=ignore
conn private
    auto=ignore
conn block
    auto=ignore