[strongSwan] Site to multi-site configuration questions

Jason Hilton Jason.Hilton at aaae.org
Thu Mar 14 16:55:09 CET 2013


Hi-
I'm new to the list and VPNs in general and have a few questions to make sure I'm understanding the documentation.  I want to set up a single StrongSwan server to multiple (26) Cradlepoint broadband routers in a Site to Site configuration.  Is this possible?  I am looking at the configuration samples, specifically the Site-to-Site example using PSK and IPv4.  It appears the Cradlepoint only supports these two options.  Can I adapt this configuration to work for my scenario by simply adding more conn definitions for each Cradlepoint?  If so, can I simplify things by defining my left side configuration settings in the conn %defaults section and then just the right side settings in the individual conn definitions for each unit?  Is there a way to make the right side settings generic enough to allow a single conn definition that would let all remote units connect?  Maybe a wild card or a way to specify multiple IPs in the right= line?

Also, has anyone out there used Cradlepoint routers with StrongSwan?  Are there any tips or tricks that I should know about?  I'm using the COR series routers, but it appears that all of their firmware is the same for most of their product line, so experiences with different models should still help.

Also, I see that both the StrongSwan and Cradlepoint documentation state that the connections can be set to be "dormant" until there is actually data to be sent.  This application is for an emergency notification system, so ideally the VPN network would never be used, so it would be desirable for the connections to operate this way.  How reliable is this?  Would I set both sides to go dormant or only one side?

Thanks, any help will be greatly appreciated,
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130314/386b5a14/attachment.html>


More information about the Users mailing list