[strongSwan] Questions Regarding setup. Do I really need multiple swan instances?
konnebel at gmx.de
Wed Nov 5 17:10:03 CET 2014
Strongswan Debian Server: 18.104.22.168 AND 22.214.171.124
126.96.36.199 <=> 188.8.131.52
184.108.40.206 <=> 220.127.116.11
X.X.X.X (road warrior) <=> 18.104.22.168
first of all. I know now strongswan, racoon and openswan. And after 5
minute I realised strongswan is the best even openswan is similar to
Strongswan. Thank you ! ;)
For the road warrior I decided to use l2tp in combination with xl2tp which is
working for great for its own.
The Tunnels to both fritzboxes are also running great for its own. All also to
the same time.
But the problem I have is that in some cases the road warriors are also
connected to the LAN @ fritzbox1/2 which is not working because the
preshared key for that ips are different defined.
I thought I can define the ipsec.secrets like that because I thought the
whole line must match for the preshared key. In my tests I saw I am wrong:
22.214.171.124 126.96.36.199 : PSK "fritz1"
188.8.131.52 184.108.40.206 : PSK "fritz2"
220.127.116.11 %any : PSK "other PSK"
The problem I got is, that if I am in the network 18.104.22.168 and 22.214.171.124 I have
to use the psk for fritzbox 1 or 2... not the one for "OTHER PSK".
So I decided to have more than one Strongswan instance (on different IPs
or Ports... I dont care). If I dont want to recompile strongswan I have to use
Strongswan 5.2.1 or newer. Is that right?
Or do I forget a possibility in ipsec which I missed? I hope my problem is
clear enough explained.
I have no question to get the tunnels working itself. This is already working
great. I just have questions how to handle the preshared keys.
Why am I using l2tp? It is widely common and is working without additional
client on iOS, Windows, Android, Linux and MacOS which I really like and has
enough security I think.
Let me know about your thoughts. Hope I broke no rules of the mailing list.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users