[strongSwan] Static IP addresses to roadwarriors
ashwin.shirvanthe at gmail.com
Wed Aug 7 11:36:06 CEST 2013
I have about fifty roadwarriors that use my strongswan powered VPN proxy. I
would like to assign static IP address (IPv4) to each roadwarrior that
internally uses IKEv1 to tunnel their traffic through my server.
According to the documentation, the ipsec pool utility can be used for this
purpose [ http://wiki.strongswan.org/projects/strongswan/wiki/IpsecPool ].
I have the following questions about ipsec pool and assigning static IP
addresses to these roadwarriors:
1) I would like to know if there are any other way apart from enabling
attr-sql-plugin to maintain a static mapping between a roadwarrior clients
identifier (credentials) and the IP address assigned to it by Strongswan
2) If I have to use the attr-sql-plugin will ipsec read all the
configurations such as entries in the ipsec.conf, ipsec.secrets, and
strongswan.conf from the respective files or do I have to move the entries
present in these files to the database?
3) I would like to know if I can dynamically add new entries, i.e, mapping
between new roadwarriors and ip addresses to this file or any other file
that can be used for this purpose, without restarting ipsec. I would like
to know if ipsec rereadall shall do the trick if I add new entries to this
My ipsec.conf is as follows. I do not want to add a new conn entry for each
roadwarrior. I tried this once, but it increased the connection
#charondebug=4 # UNCOMMENT TO ENABLE DEBUGGING
# Add connections here.
# Sample VPN connections
Thanks and Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users