[strongSwan] Allowing Certain Ranges to use certain PSK in ipsec.secerts

Tue Nov 5 18:22:21 CET 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Adrian,

No, strongSwan doesn't support this specifically.
To control access to your VPN gateway, you can set up a simple firewall, which only allows traffic to/from the corresponding ports and with the corresponding protocols from/to the subnets you want to.

Regards
Noel Kuntze

On 05.11.2013 18:14, Adrian Milanoski wrote:
>
> HI all,
>
> 
>
> Is it possible to setup ipsec.secrets to allow only certain subnets to use certain PSKs
>
> 
>
> 24.177.*.* : PSK “tempskforme”
>
> 
>
> Is this at all possible? How can I control which subnets are allowed to access my GW?
>
> 
>
> 
>
> 
>
> *Regards,***
>
> */ /*
>
> */Adrian Milanoski/*
> Lab Administrator
>
> BBOS WiFI VPN. Security Testing – R&D
>
> 4715 Tahoe Blvd, Mississauga, ON, Canada, L4W 0B5
> Tel.(289) 261-5801 | Fax.(905) 629-7836
> Email amilanoski at blackberry.com <mailto:amilanoski at blackberry.com>**
>
>    
>
> 
>
> 
>
> Description: Description: cid:image001.gif at 01CDFFB4.0099AD80Description: Description: Description: hme_scrn_ind_new_notification_Precsn_Zen_801421_11 <http://www.blackberry.com/>
>
> 
>
> 
>
> 
>
> ---------------------------------------------------------------------
> This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSeSlNAAoJEDg5KY9j7GZYHqIP+wXw+5BxvC6jQ3+SXxK9fUiP
eXbfD7xihaxLj1J2G/kVlNgSEkKgwk0EF6P8vGE06erP0cWNAuTDGp1KE+H2AKW5
E/rrw2CiRHt7aeRM943KsoC4WykSxfZzlbApNk+9e3BSBl2WNH0pq88yI51P3xBi
Vnk1kuksD9xIQmL2eFQlcupd7A1k9O9NhlL7NSZgG+HuMNx1F1emLXmO/FeIdvIR
MGvK3u0E4yxgyAhNJfPwqWnyeZrfanYr2sK6qWYHhWT8quO2WNwbGk741I+v/VZv
5Mmf3p2E90yC3g/UidHHRRsqx+98Q+imfuJKHZAnC7Ja43OgmYdIBicTKFwjMPdp
NcUBHWiy2wmVQDD0lLJ5TT8RweJjpzQ5sTg2Y5a3JIW5rYBCvnI2PT8S3dkHeuxo
DHxIesX2R7pcILgEqHDQeCWIlYurOGUJ3CUXxePVkHDwPIZFrIJt7ARYfG3gwrOM
LaEKBizfJDAtNHirvJDBqVU+/YczZwN7Zha86QheHpZpgC+ZHCdarg/a+pZWmLjV
c+8DtgYmJwamT8+viqcrh2pesGHVRNGjovbzytILGqvDI7x+W6n1DExRL7N1pcB2
VAUqv2O3cIUWfZQztKau1jjcP0e19JVHlUcYcTKMH2/FclHzss/5VH6438YgRdfz
7uSbWZngWdLuGlJ1sc/V
=uVq3
-----END PGP SIGNATURE-----