[strongSwan] The PLAN --- Can we get this done with strongSwan ?
noel at familie-kuntze.de
Tue Nov 25 19:09:00 CET 2014
This can be done; however, you need to take into account that you might have to add routes to your managed
networks if the strongSwan server in your LAN isn't the default router.
See  for all the needed information.
As Tobias wrote, you will do very well with having different networks on the different locations or you'd
have to fiddle around with the NETMAP target in iptables to map conflicting networks onto other subnets.
To realize this, you could use a distinct IP range for your moon boxes and assign them an IP from a static
pool in strongSwan using virtual IPs. The local traffic selector on SUN would be your LAN and the remote traffic
selector would be 0.0.0.0/0. On the moon boxes, the local traffic selector would be the LAN and %dynamic, if
that configuration is allowed. In your own LAN, the distinct IP range for the moon boxes would be routed over SUN
and authentication would be done with certificates and a trusted CA.
This description of a configuration is based on  and .
Kind regards,
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
On 25.11.2014 at 11:46, Matthew Ferry [PITSDC] wrote:
> Good Morning. I posted a message/Issue in the Bug Tracker system the other day.
> I am looking for some help getting started.
> I have a project that I think strongSwan will be perfect for.
> I have looked at examples, but am overwhelmed with options and possibilities.
> Here is a URL to the posting I made:
> IN REPLY to Tobias Brunner's comment ---
> Each location can have its own subnet. I would like to manage this IP plan from one central location.
> The number of needed IPs will change based on the location.
> Thanks for any input.
> I am looking forward to moving forward quickly.
> Users mailing list
> Users at lists.strongswan.org
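The plan discussed in this message, as an added example that is not part of the original thread and not strongSwan project code: a small Python script that keeps the IP plan in one place, checks that the SUN LAN, the moon virtual-IP range and each moon LAN do not overlap, and renders one `ipsec.conf` conn per moon box for SUN. All names, IDs, addresses and the certificate file name are constructed placeholders, and using a per-moon conn with a single-address `rightsourceip` for the static assignment is an assumption of this example.

```python
import ipaddress

# Constructed sample plan: every name, ID and address is a placeholder.
SUN_LAN = "10.1.0.0/16"
MOON_POOL = "10.99.0.0/24"  # distinct range reserved for moon virtual IPs
MOONS = {
    "moon1": {"id": "moon1.example.org", "vip": "10.99.0.1", "lan": "192.168.10.0/24"},
    "moon2": {"id": "moon2.example.org", "vip": "10.99.0.2", "lan": "192.168.20.0/24"},
}

def check_plan(sun_lan, pool, moons):
    """Return problems: overlapping networks, or virtual IPs reused or outside the pool."""
    problems, owner = [], {}
    pool_net = ipaddress.ip_network(pool)
    nets = {"sun-lan": ipaddress.ip_network(sun_lan), "moon-pool": pool_net}
    for name, m in moons.items():
        nets[name + "-lan"] = ipaddress.ip_network(m["lan"])
        vip = ipaddress.ip_address(m["vip"])
        if vip not in pool_net:
            problems.append(f"{name}: virtual IP {vip} is outside pool {pool_net}")
        if vip in owner:
            problems.append(f"{name}: virtual IP {vip} already used by {owner[vip]}")
        owner.setdefault(vip, name)
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):  # would need renumbering or NETMAP
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

def render_sun_conns(sun_lan, moons, cert="sunCert.pem"):
    """Render one ipsec.conf conn per moon box for SUN (cert file name is assumed)."""
    stanzas = []
    for name, m in sorted(moons.items()):
        stanzas.append("\n".join([
            f"conn {name}",
            "    keyexchange=ikev2",
            f"    leftcert={cert}",
            f"    leftsubnet={sun_lan}",       # local TS: SUN's LAN
            "    right=%any",
            f"    rightid={m['id']}",          # must match the moon certificate
            "    rightsubnet=0.0.0.0/0",      # remote TS as described in the reply
            f"    rightsourceip={m['vip']}",   # static virtual IP for this moon
            "    auto=add",
        ]))
    return "\n\n".join(stanzas) + "\n"

if __name__ == "__main__":
    print(check_plan(SUN_LAN, MOON_POOL, MOONS) or render_sun_conns(SUN_LAN, MOONS))
```

The moon virtual-IP range still has to be routed to SUN inside the central LAN when SUN is not the default router there.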