[strongSwan] Setup site-to-site VPN via central server
Martin Sand
dborn at gmx.net
Mon Jul 18 22:33:23 CEST 2016
Thanks a lot, Tobias! Really appreciated.
> I've added some documentation [1].
I read through the hub-and-spoke setup on the internet. Is my setup
actually a hub-and-spoke type? I connect from the gateways directly to
the internet and only the traffic to 192.68.0.0/16 is routed through
VPN. Also the text in [1] mentions A-C whereas the diagram shows A-D. Is
this on purpose?
>> Out of curiosity, how would you configure the server and client if I
>> would like to add vpn-third subnet with 192.168.3.0?
> You'd just add that subnet to the list of remote traffic selectors on
> the clients and as local traffic selector on the server and the client
So this would (or could) result in the following traffic selectors?
## IPs:
Server IP = 192.168.0.1
First GW = 192.168.1.0/24
Second GW = 192.168.2.0/24
Third GW = 192.168.3.0/24

## Server.conf
conn vpn-first
    rightsubnet = 192.168.1.0/24
    leftsubnet = 192.168.0.0/16

## First-Gateway.conf
conn vpn-first
    rightsubnet = 192.168.0.0/16
    leftsubnet = 192.168.1.0/24

Best regards
Martin

[1] https://wiki.strongswan.org/projects/strongswan/wiki/SubnetsBehindMoreThanTwoGateways