is this scenario supported by strongswan?

gustavo panizzo (gfa) gfa at zumbi.com.ar
Tue Oct 14 02:13:30 CEST 2014


I want to know if strongSwan running on a Linux server can support this:

- Android phones using the native client, configured as IPsec RSA Xauth
(X.509 + XAuth); all traffic should be routed over the VPN.

- MikroTik router, configured as IPsec RSA, behind a dynamic IP but not
NAT (ADSL); not all traffic should be routed over the VPN. The router
will NAT its clients into the VPN.

- Remote workstation running Linux behind NAT; not all traffic should be
routed over the VPN, but it should allow connections from other VPN clients.

- Laptop running Linux, most of the time behind NAT; it may or may not
need to route all the traffic over the VPN, and it needs to be able to
connect to the remote workstation over the VPN.

I don't need to reach any network behind the strongSwan server, just one
virtual interface where some services are going to run, and which will be
the default gateway for the phones.
I want to use X.509 certificates for all clients, except Android, which
forces me to use X.509 + XAuth.

I have tried other tools and all fail somewhere; I want to know if
strongSwan can do all this for me running on a single server, on a
single instance, with a single pool of IPs.
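Added example, not part of the original mail and not a reply from the list: one way to express the scenario above in strongSwan 5.x ipsec.conf, with the server side first (all peers draw addresses from one pool, Android uses IKEv1 certificate + XAuth, everything else IKEv2 certificate only) and then a client-side conn for the Linux workstation. The hostname vpn.example.org, the certificate and key file names, the 10.10.10.0/24 pool, the dummy interface vpn0 and the XAuth password are assumptions; the three files are separated by comment headers and must be split out before use.

```ini
# --- /etc/ipsec.conf on the strongSwan server (assumed 5.x, charon) ---
# Assumed names: server cert serverCert.pem with subjectAltName vpn.example.org,
# all client certs issued by the CA in /etc/ipsec.d/cacerts/, pool 10.10.10.0/24,
# services bound to a dummy interface vpn0 holding 10.10.10.1.

conn %default
    left=%any
    leftid=@vpn.example.org     # must appear in the server cert's subjectAltName
    leftcert=serverCert.pem
    leftauth=pubkey
    leftsubnet=0.0.0.0/0        # offer everything; each client decides what it routes
    right=%any
    rightauth=pubkey            # every peer must present a cert chaining to a loaded CA
    rightsourceip=10.10.10.0/24 # one pool; conns naming the same subnet share it
    # no rightsubnet: strongSwan narrows the remote selector to the assigned pool
    # address, so the MikroTik must NAT its LAN to that address (as intended above)
    dpdaction=clear
    dpddelay=30s
    auto=add

# Android native client profile "IPSec RSA Xauth": IKEv1 main mode, server and
# client certificates, then an XAuth username/password round.
conn android-xauth
    keyexchange=ikev1
    rightauth2=xauth            # XAUTH entries live in ipsec.secrets

# MikroTik router, Linux workstation, Linux laptop: IKEv2 with certificates only.
conn ikev2-pubkey
    keyexchange=ikev2

# --- /etc/ipsec.secrets on the server ---
# : RSA serverKey.pem
# gustavo : XAUTH "assumed-password"     # one line per Android user

# --- Kernel side, so one client's traffic can reach another client's pool address ---
# sysctl -w net.ipv4.ip_forward=1
# Do not masquerade 10.10.10.0/24: decrypted packets from the laptop to the
# workstation's pool address are forwarded unchanged and re-encrypted by the
# policy of the workstation's SA.

# --- /etc/ipsec.conf on the Linux workstation (behind NAT) ---
conn office-vpn
    keyexchange=ikev2
    left=%defaultroute
    leftcert=workstationCert.pem
    leftsourceip=%config        # ask the server for a pool address
    right=vpn.example.org
    rightid=@vpn.example.org
    rightsubnet=10.10.10.0/24   # split tunnel: only the pool (other clients and vpn0);
                                # the laptop would use rightsubnet=0.0.0.0/0 for a full tunnel
    auto=start
```

Two checks worth doing before trusting this: confirm in the rightsourceip documentation for your strongSwan version that several conns using the same subnet share one in-memory pool (otherwise define a named pool once), and verify client-to-client reachability with `ip xfrm policy` on the server after two clients are up, since it depends on the server forwarding decrypted traffic rather than answering it locally.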


