[strongSwan] Connecting two right subnets
Lars
strongswan at chewie.de
Fri Nov 4 18:58:53 CET 2016
Hello all,
I've set up a gateway using StrongSwan 5.3 and IKEv1. Road-Warriors that
connect to this gateway receive virtual IP addresses from the 192.168.2.0/24
subnet. Additionally, two Routers with the subnets 192.168.1.0/24 and
192.168.0.0/24 are connected to the gateway.
From a road-warrior I can reach clients in all three subnets. What I can't do
is reach clients in the 192.168.1.0/24 subnet from the 192.168.0.0/24
subnet (and vice-versa). This makes sense because no child SA for
192.168.1.0/24 == 192.168.0.0/24 is installed.
If I understand the documentation correctly, I will have to add something like
this to the ipsec.conf
conn Net2Net
    left=LEFTIP
    right=RIGHTIP
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.0.0/24
    ...
My problem is that LEFTIP and RIGHTIP are dynamic IPs (the routers initiate
the connection), so I can't really fill in IP addresses there. Does anybody
of you know how I can tell strongSwan to connect the two subnets once both
routers have established their connection?
(I know that I could use some kind of dyndns service to resolve the
dynamic IP addresses. But I would like to be independent of external services
if possible.)
Thanks for your help!
Lars