[strongSwan] site-to-site vpn

Averlon GmbH (in Gründung) info at averlon.net
Sat Aug 29 15:33:58 CEST 2015


Hi Noel,
Thanks for the reply.
To be honest, I am not sure I can explain in the right words. I will try.

Now, I run an Intranet with several devices. Some Clients, some NAS, some WLAN and the Server.
All should use the 192.168.xxx.0/24 with different subnets for each of the functions.
I run a lancom router which allows me to have four different subnets routed internally. Nice device.

From my home environment I want to access the server with its internal ip-address via a vpn-tunnel. Simple explanation: I want to do things I do not want to go through the internet except they are secured via a tunnel.
But the server should also be able to reach the NAS to fetch and store some data there.

Now. My understanding of the vpn tunnel is that I need to tell the configuration which subnets are to be found on the left and right side.
So far so good.

My understanding is also, to address the server e.g. from one of the clients, I need to use a single IP-address like 192.168.113.150 to get there.

Any device on the right side (so my understanding) needs to have an ip-address from the subnet 192.168.113.0/24 assigned.

But my provider does not allow me to assign an additional ip-address beside the public ip-address the server has anyhow. Naturally, I guess, the server has some internal address as well since I doubt they will put all the servers into their DMZ. But this internal address is not visible to me and will anyhow not be usable for me and, I guess, would not help at all.

A thought just struck me. Probably it could be enough to set the right subnet in ipsec.conf to 192.168.113.150/32. Probably this could already be a solution - but I am not sure.

Please help me on the horse.

Kind Regards
Karl-Heinz
-----Original Message-----
From: Noel Kuntze [mailto:noel at familie-kuntze.de]
Sent: Saturday, 29 August 2015 15:00
To: Averlon GmbH (in Gründung) <info at averlon.net>; users at lists.strongswan.org
Subject: Re: [strongSwan] site-to-site vpn


Hello Karl-Heinz,

What makes you think that you need an IP from the left subnet?
What do you want to do with this anyway? Do you want to reach the right subnet from the server?
-- 

Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
