[strongSwan] Is IPv6 generic transport mode config based on subnet possible?

Keith Kaple kak at cisco.com
Tue Feb 26 14:39:50 CET 2013


I hope the wording of my question made sense..

Another way to ask it is: "Can outbound traffic selectors be based on destination subnets without a specific 'right' address?"  If so, how does one configure that to trigger charon into action when packets are initiated to that subnet?

thanks,

Keith



On Mon, Feb 25, 2013 at 10:59:06AM -0500, Keith Kaple wrote:
> Is it possible with strongswan to set up a generic conn entry for transport mode to any host in a particular subnet for IPv6?
> 
> Something like:
> 
> conn gtrans
>         left=2001:420:27ff:fff7:250:566f:fe92:5f44
>         leftcert=cert.pem
>         leftfirewall=yes
>         right=%any
>         rightallowany=yes
>         rightid=%any
>         type=transport
>         auto=route
> 
> 
> Where right is any IP address in the 2001:420 subnet and left is traffic originating from a particular IP on the local host.
> 
> I've tried right=%any, rightsubnet=2001:420::0/96, etc. but the daemon log always has "installing trap failed, remote address unknown" and IKEv2 negotiation never occurs when I try pinging.
> 
> 
> thanks,
> 
> Keith
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users



