[strongSwan] multiple addresses for the left|right option
Martin Willi
martin at strongswan.org
Fri Feb 27 10:24:01 CET 2015
Hi,
> I am wondering how the specification of multiple addresses in the left|right option works.
> right=134.111.75.171,134.111.75.172
The right option can take multiple addresses, but only to match the
connection when responding to initiators.
> For example, how many kernel policies I should have seen if I have the
> left with one single address and the right with two specific address
left/right does not directly specify the selectors/policies negotiated,
leftsubnet/rightsubnet does.
leftsubnet/rightsubnet default to %dynamic, which gets replaced
dynamically with the peer endpoints (or an assigned virtual IP). So the
selector does not get extended to what you configure in "right", but
what addresses are used for the IKE exchange (usually just one of them).
If you want to negotiate additional/different selectors, specify them in
leftsubnet/rightsubnet instead.
Regards
Martin
More information about the Users
mailing list