[strongSwan] dynamic traffic selectors
Arvid E. Picciani
aep at exys.org
Wed Apr 30 13:51:38 CEST 2014
Hey,
I gave up trying to get transport mode working with NAT. Tunnel mode
works fine.
However, I need a way to dynamically change which tunnel some IPs are
in.
Our setup is like
        [ endpoint1 ]                      [ endpoint2 ]
        |    |    |                        |    |    |
        |    |    |                        |    |    |
        |    |    |                        |    |    |
   [ gw1 ] [ gw2 ] [ gw3 ] ....       [ gw4 ] [ gw5 ] [ gw6 ]
      |               |
    user ----> moves here ^
Let's say a user (100.64.1.100) is on gw1, which has a tunnel
100.64.1.0/24 == 0.0.0.0/0
so the traffic selector on endpoint1 puts everything in 100.64.1.0/24 to
gw1.
When the user moves to gateway gw3 and _keeps_ its IP (yes, this
happens),
I need a way to change the traffic selector for the gw1 tunnel to
exclude that IP,
and include it in the one for gw3.
Any idea if this is possible? I could specify all 255 addresses in the
selector and change it via stroke, but something tells me this will
cause interruptions.
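The post mentions listing all 255 remaining addresses in the selector when one host roams to another gateway. A cheaper way to express "the /24 minus that host" is the minimal set of CIDR blocks that covers everything except the excluded address (a /24 minus one /32 is eight blocks, not 255 entries). The script below, an added example and not part of the original post or of strongSwan, computes per-gateway selector lists from a table of home subnets and a table of roamed hosts, using only the Python standard library. The gateway names, the assumed home subnet 100.64.3.0/24 for gw3, and the `rightsubnet=` rendering are assumptions for illustration; the rendering relies on strongSwan 5.x accepting a comma-separated subnet list in `leftsubnet`/`rightsubnet`.

```python
import ipaddress
from typing import Dict, Iterable, List


def subnet_minus_hosts(subnet: str, hosts: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Return the minimal CIDR list covering `subnet` with the given host
    addresses carved out (e.g. a /24 minus one /32 becomes eight blocks)."""
    remaining = [ipaddress.ip_network(subnet)]
    for host in hosts:
        hole = ipaddress.ip_network(f"{host}/32")
        carved = []
        for net in remaining:
            if hole.network_address in net:
                # address_exclude yields the blocks of `net` that do not contain the hole
                carved.extend(net.address_exclude(hole))
            else:
                carved.append(net)
        remaining = carved
    return sorted(ipaddress.collapse_addresses(remaining))


def gateway_selectors(home_subnets: Dict[str, str], roamed: Dict[str, str]) -> Dict[str, List[str]]:
    """Build the traffic selector (list of CIDR strings) for every gateway.

    home_subnets: gateway -> the subnet it normally serves, e.g. {"gw1": "100.64.1.0/24"}
    roamed:       host IP -> gateway currently serving that host (hosts keep their IP)
    """
    gateways = set(home_subnets) | set(roamed.values())
    result: Dict[str, List[str]] = {}
    for gw in sorted(gateways):
        selector: List[str] = []
        if gw in home_subnets:
            home = ipaddress.ip_network(home_subnets[gw])
            # hosts from this gateway's subnet that are currently elsewhere get carved out
            away = [ip for ip, at in roamed.items()
                    if ipaddress.ip_address(ip) in home and at != gw]
            selector += [str(n) for n in subnet_minus_hosts(home_subnets[gw], away)]
        # hosts that roamed *to* this gateway from another subnet are added as /32s
        selector += [f"{ip}/32" for ip, at in sorted(roamed.items())
                     if at == gw and not any(
                         ipaddress.ip_address(ip) in ipaddress.ip_network(s)
                         for s in [home_subnets.get(gw, "0.0.0.0/32")])]
        result[gw] = selector
    return result


def render_rightsubnet(selector: List[str]) -> str:
    """Render a selector list as an ipsec.conf rightsubnet line (assumed format,
    strongSwan 5.x comma-separated subnet list)."""
    return "rightsubnet=" + ",".join(selector)


if __name__ == "__main__":
    # Constructed sample: the scenario from the post, plus an assumed home subnet for gw3.
    homes = {"gw1": "100.64.1.0/24", "gw3": "100.64.3.0/24"}
    moved = {"100.64.1.100": "gw3"}   # the user kept 100.64.1.100 but is now behind gw3
    for gw, sel in gateway_selectors(homes, moved).items():
        print(f"conn {gw}")
        print("    " + render_rightsubnet(sel))
```

Running it prints eight blocks for gw1 (100.64.1.0/26 up through 100.64.1.128/25, covering 255 addresses) and the gw3 home subnet plus 100.64.1.100/32. Whether pushing such an updated selector list through stroke reloads the CHILD_SA without a traffic gap is a separate question that this computation does not answer; it only keeps the selector short enough to be manageable.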