[strongSwan] how to config multiple specific virtual ips per road warrior on swanctl.conf?

陈 锐 ioiioi at live.cn
Wed Jan 13 09:31:15 CET 2016


Hello,


I have multiple road warriors that log on and get a specific virtual IP from strongSwan. I have successfully got it working with charon/ipsec.conf. Unfortunately, Debian 8 has moved to systemd, so I have to change from ipsec.conf to swanctl.conf because of charon-systemd. The following is my ipsec.conf on the strongSwan gateway:


config setup
#    uniqueids=never

#############################################
# ikev2 road warriors pubkey template
#############################################
conn ikev2-rw-pub-template
    keyexchange=ikev2
    left=%defaultroute
    leftauth=pubkey
    #leftfirewall=yes
    leftsubnet=0.0.0.0/0
    leftcert=gw1.jklab.cert.pem
    leftid=gateway1.jklab.qmcc
    right=%any
    rightauth=pubkey
    auto=add

# ikev2 road warriors pubkey linux client
conn ikev2-rw-pub-linux-ssTester
    also=ikev2-rw-pub-template
    #rightdns=192.168.5.12
    rightsourceip=192.168.8.10
    rightid="ssTester at jklab.qmcc"

# ikev2 road warriors pubkey windows7+ client
conn ikev2-rw-pub-win7-chenrui
    also=ikev2-rw-pub-template
    ike=aes256-sha1-modp1024!
    rekey=no
    rightsourceip=192.168.8.2
    rightid="OU=syharman, CN=chenrui at syharman.qmcc"

How do I translate it to swanctl.conf?
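
One possible swanctl.conf equivalent of the ipsec.conf above, as an added example that is not part of the original post or taken from the strongSwan project. The connection, child and pool names are chosen for illustration; identities, certificate name, proposal and addresses are copied as they appear in the post. Each road warrior gets its own one-address pool in place of `rightsourceip`, and the template is written out twice rather than relying on section inheritance.

```conf
# Added example: names of connections, children and pools are illustrative.
connections {
    rw-linux-ssTester {
        version = 2                      # keyexchange=ikev2
        pools = pool-ssTester            # replaces rightsourceip
        local {
            auth = pubkey
            certs = gw1.jklab.cert.pem
            id = gateway1.jklab.qmcc
        }
        remote {
            auth = pubkey
            id = "ssTester at jklab.qmcc"
        }
        children {
            rw-linux {
                local_ts = 0.0.0.0/0     # leftsubnet
            }
        }
    }
    rw-win7-chenrui {
        version = 2
        proposals = aes256-sha1-modp1024 # ike=...! (strict is implied)
        rekey_time = 0                   # rekey=no for the IKE_SA
        pools = pool-chenrui
        local {
            auth = pubkey
            certs = gw1.jklab.cert.pem
            id = gateway1.jklab.qmcc
        }
        remote {
            auth = pubkey
            id = "OU=syharman, CN=chenrui at syharman.qmcc"
        }
        children {
            rw-win7 {
                local_ts = 0.0.0.0/0
                rekey_time = 0           # rekey=no for the CHILD_SA
            }
        }
    }
}
pools {
    pool-ssTester {
        addrs = 192.168.8.10/32          # single-address pool
    }
    pool-chenrui {
        addrs = 192.168.8.2/32
    }
}
```

`left=%defaultroute`, `right=%any` and `auto=add` have no counterpart here because the swanctl defaults already accept any address and only load the connection as responder. After editing, `swanctl --load-all` loads credentials, pools and connections into the running daemon.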