[strongSwan] site-to-site vpn

Averlon GmbH (in Gründung) info at averlon.net
Sat Aug 29 15:33:58 CEST 2015

Hi Noel,
Thanks for the reply.
to be honest, I am not sure I can explain in the right words. I will try.

Now, I run an Intranet with several devices. Some Clients, some NAS, some WLAN and the Server.
All should use the 192.168.xxx.0/24 with different subnets for each of the functions.
I run a lancom router which allows me to have four different subnets routed internally. Nice device.

>From my home environment I want to access the server with its internal ip-addres via a vpn-tunnel. Simple explanation: I want to do things I do not want to go through the internet except they are secured via a tunnel.
But the server should also be able to reach the NAS to fetch and store some data there.

Now. My understanding of the vpn tunnel is, that I need to tell the configuration which subnets are to find on the left and right side.
So far so good.

My understanding is also, to address the server e.g. from one of the clients, I need to use a single IP-address like to get there.

Any device on the right side (so my understanding) needs to have an ip-address from the subnet assigned.

But my provider does not allow me to assign an additional ip-address beside the public ip-address the server has anyhow. Naturally, I guess, the server has some internal address as well since I doubt they will put all the servers into their DMZ. But this internal address is not visible to me and will anyhow not be usable for me and, I guess, would not help at all.

It just stroke me a thought. Probably it could be enough to set the right subnet in ipsec.conf to Probably this could already be a solution - but I am not sure.

Please help me on the horse.

Kind Regards
-----Ursprüngliche Nachricht-----
Von: Noel Kuntze [mailto:noel at familie-kuntze.de] 
Gesendet: Samstag, 29. August 2015 15:00
An: Averlon GmbH (in Gründung) <info at averlon.net>; users at lists.strongswan.org
Betreff: Re: [strongSwan] site-to-site vpn

Hash: SHA256

Hello Karl-Heinz,

What makes you think that you need an IP from the left subnet?
What do you want to do with this anyway? Do you want to reach the right subnet from the server?
- -- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Version: GnuPG v2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6184 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150829/ca4b798d/attachment.bin>

More information about the Users mailing list