[strongSwan] what's the expression of a range of address?
Thomas Egerer
hakke_007 at gmx.de
Thu Feb 25 13:28:59 CET 2016
Hi Tony,
On 02/25/2016 05:03 AM, Tony.He 賀雙鳳 wrote:
> Hi,
>
> Here is the topology.
> local subnet 192.168.1.0/24 -GW A ---Internet----GW B – local subnet 192.168.2.0/24.
> I want to only allow hosts whose IP addresses are in a range to be part of the tunnel. For example, 192.168.1.2-192.168.1.8 are allowed
> in site A and 192.168.2.3-192.168.2.11 are allowed in site B. Can anyone tell me how to configure? Thanks in advance.
>
> Best regards
> Tony
Try playing around with prips [1]; this could help you divide your
ranges into subnets/hosts. They can be configured as a list of subnets
in. As for site A you would use
'leftsubnet=192.168.2.3,192.168.2.4/30,192.168.2.8/30'
likewise for site B:
'rightsubnet=192.168.1.2/31,192.168.1.4/30,192.168.1.8'
That's definitely not a very convenient way. The alternative, using
firewall rules, might come in more handy.
Cheers,
Thomas
[1] http://manpages.ubuntu.com/manpages/raring/man1/prips.1.html
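
The range-to-subnet split described in the reply above, as an added example that is not part of the original post: it uses Python's ipaddress module in place of prips to turn each range from the question into a comma-separated subnet list, and checks a candidate list for hosts it leaves out or admits beyond the intended range. The function names are hypothetical, and the check enumerates addresses, so it is meant for small ranges like these.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is above range end {hi}")
    return list(ipaddress.summarize_address_range(lo, hi))


def as_subnet_value(cidrs):
    """Format blocks as a comma-separated list; single hosts lose the /32."""
    return ",".join(
        str(n.network_address) if n.prefixlen == 32 else str(n) for n in cidrs
    )


def coverage_diff(subnet_value, first, last):
    """Compare a configured subnet list with the intended range.

    Returns (missing, extra): hosts in the range that the list does not
    cover, and hosts the list admits that lie outside the range.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    wanted = set(range(lo, hi + 1))
    covered = set()
    for item in subnet_value.split(","):
        # strict=True rejects misaligned entries such as 192.168.1.2/30
        net = ipaddress.ip_network(item.strip(), strict=True)
        covered.update(
            range(int(net.network_address), int(net.broadcast_address) + 1)
        )
    to_ip = lambda s: [str(ipaddress.IPv4Address(a)) for a in sorted(s)]
    return to_ip(wanted - covered), to_ip(covered - wanted)


if __name__ == "__main__":
    # Ranges taken from the question in this thread.
    for first, last in [("192.168.1.2", "192.168.1.8"),
                        ("192.168.2.3", "192.168.2.11")]:
        value = as_subnet_value(range_to_cidrs(first, last))
        print(f"{first}-{last}: {value} diff={coverage_diff(value, first, last)}")
    # Constructed counter-example: one wide prefix admits hosts outside the range.
    print(coverage_diff("192.168.1.0/28", "192.168.1.2", "192.168.1.8"))
```

A non-empty second element from coverage_diff means the list would let hosts outside the intended range into the tunnel.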