[strongSwan] net2net ikev1 authentication and routing
Moritz Herrmann
moritz.herrmann at schirmherrschaften.de
Fri Sep 27 00:05:26 CEST 2013
Hi,
hopefully someone can point me in the right direction because I have
some problems setting up a VPN net2net configuration.
I'm using strongswan 4.5.2 with pluto.
Config from the left side; the right side is nearly identical except the
subnets are inverted:
# ipsec.conf - strongSwan IPsec configuration file
conn net-net
        auto=add
        left=%defaultroute
        leftsubnet=192.168.10.0/24
        leftfirewall=yes
        right=%any
        rightsubnet=192.168.1.0/24
        keyexchange=ikev1
        ike=aes128-sha-modp1536
        esp=aes128-sha1-modp1536
        mobike=no
        authby=secret
        keylife=20m
        rekeymargin=3m
        dpddelay=1m
        dpdtimeout=3m
        dpdaction=clear
The first problem is the authentication. Is there a way to generalize
the rightsubnet-definition to accept any subnet for auth? We have 4
different subnets on the right side. 192.168.1.0/24, 192.168.2.0/24,
192.168.3.0/24, 192.168.4.0/24
The next thing is the routing. If I ping from the right side a host
within the network of the left side, I have to set the route for the
right side subnet manually on the specific host despite the fact that
the vpn gateway on the left site is the default gateway.
Any help would be nice because I am in free fall here.
Thanks in advance!
moe