[strongSwan] Allowing Certain Ranges to use certain PSK in ipsec.secerts
Tobias Brunner
tobias at strongswan.org
Tue Nov 5 18:45:13 CET 2013
Hi Adrian,
> Is it possible to setup ipsec.secrets to allow only certain subnets to
> use certain PSKs
>
> 24.177.*.* : PSK “tempskforme”
>
> Is this at all possible? How can I control which subnets are allowed to
> access my GW?
With the just released strongSwan 5.1.1 this should be possible. This
release allows you to configure
right=<subnet>,<or range>,<or single ips>,<or mixed>
instead of right=%any. Then instead of configuring an IP address in
ipsec.secrets you'd configure a specific leftid for each of your
connections (of course, your clients have to accept/use that ID as
rightid), and then use that ID in ipsec.secrets to select the secret.
Regards,
Tobias
More information about the Users
mailing list