[strongSwan] Site to Site VPN - One to Many

Zhuyj mounter625 at 163.com
Tue May 26 13:48:39 CEST 2015


No, if the route table is not configured, the policy will not have a chance to handle packets.

Sent from my iPhone

> On May 26, 2015, at 19:37, Noel Kuntze <noel at familie-kuntze.de> wrote:
> 
> 
> It won't, because IPsec on Linux is all policy based.
> 
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
> 
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
>> On 26.05.2015 at 13:35, Zhuyj wrote:
>> Yeah, maybe virtual IP will help.
>> 
>> 
>> Sent from my iPhone
>> 
>>> On May 26, 2015, at 19:16, Noel Kuntze <noel at familie-kuntze.de> wrote:
>> Hello,
>> 
>> No, not so easily. You either have to map one of those networks onto another subnet with iptables or use marks to differentiate the traffic.
>> 
>> Mit freundlichen Grüßen/Kind Regards,
>> Noel Kuntze
>> 
>> GPG Key ID: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>> 
>>>>> On 26.05.2015 at 13:15, mgundes wrote:
>>>>> Zhuyj and Noel, thank you.
>>>>> 
>>>>> Zhuyj, regarding the route table, what if some different private networks have the same subnets? I mean, if two organizations have the 192.168.2.0/24 network, then would it be possible to properly set the route table?
>>>>> 
>>>>> Thanks.
>>>>> 
>>>>> On Tue, May 26, 2015 at 2:05 PM, Zhuyj <mounter625 at 163.com> wrote:
>>>>> 
>>>>>   Pay attention to the route table.
>>>>> 
>>>>> 
>>>>>   Sent from my iPhone
>>>>> 
>>>>>> On May 26, 2015, at 18:42, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>>>> Hello,
>>>>> 
>>>>> Yes, that is possible. Simply create different conn sections.
>>>>> 
>>>>> Mit freundlichen Grüßen/Kind Regards,
>>>>> Noel Kuntze
>>>>> 
>>>>> GPG Key ID: 0x63EC6658
>>>>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>>>> 
>>>>>>>> On 26.05.2015 at 10:39, mahmut g wrote:
>>>>>>>> 
>>>>>>>> Hello,
>>>>>>>> 
>>>>>>>> 
>>>>>>>> I need to connect to many servers in different private networks. My application should connect to and get data from many (4 or 5) services on those servers. However, I need to create a VPN to those networks to be able to connect to those servers. For instance, one of the private networks has a Cisco 3845 router as VPN hardware and another uses some other solution, etc.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Those private networks are different organizations. I am not good at IPsec and VPN issues; I wonder if it is possible to connect to more than one private network from a single Linux VPS machine with strongSwan?
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Thanks,
>>>>>>>> 
>>>>>>>> Regards.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Mahmut
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list
>>>>>>>> Users at lists.strongswan.org
>>>>>>>> https://lists.strongswan.org/mailman/listinfo/users
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> Mahmut Gündeş
>> 
> 
> 
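
The case raised in the thread, two peers that both use 192.168.2.0/24, can be caught before any tunnel is brought up. The following is an added example, not part of the original messages and not strongSwan's own code: it parses ipsec.conf-style conn sections and reports overlapping rightsubnet values, along with whether both conns carry distinct mark values. The sample config, conn names and function names are constructed; it assumes plain CIDR rightsubnet values and does not resolve also= includes.

```python
import ipaddress
from itertools import combinations

# Constructed sample: conn names, peer addresses and subnets are made up.
SAMPLE_IPSEC_CONF = """\
conn %default
    left=203.0.113.10
conn org-a
    right=198.51.100.1
    rightsubnet=192.168.2.0/24
conn org-b
    right=198.51.100.2
    rightsubnet=192.168.2.0/24,10.20.0.0/16
conn org-c
    right=198.51.100.3
    rightsubnet=10.30.0.0/16
"""

def parse_conns(text):
    """Return {name: {key: value}} for every conn section except %default."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if line.strip() and not line[0].isspace():  # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn" and parts[1] != "%default"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value line
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return conns

def overlapping_remote_subnets(conns):
    """Return (conn_a, conn_b, net_a, net_b, distinct_marks) per overlapping pair."""
    nets = {name: [ipaddress.ip_network(s.strip(), strict=False)
                   for s in c.get("rightsubnet", "").split(",") if s.strip()]
            for name, c in conns.items()}
    findings = []
    for a, b in combinations(sorted(nets), 2):
        ma, mb = conns[a].get("mark"), conns[b].get("mark")
        distinct_marks = None not in (ma, mb) and ma != mb
        for na in nets[a]:
            for nb in nets[b]:
                if na.version == nb.version and na.overlaps(nb):
                    findings.append((a, b, str(na), str(nb), distinct_marks))
    return findings

if __name__ == "__main__":
    print(overlapping_remote_subnets(parse_conns(SAMPLE_IPSEC_CONF)))
```

A finding whose last field is False is a pair of conns that still needs one of the approaches named in the thread: mapping one network onto another subnet with iptables, or marks.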


