[strongSwan] many to one scenario

Kalezwar Hallikerimath kalez618 at gmail.com
Mon Nov 14 14:10:57 CET 2016 

I have two 32 bit Ubuntu running on VMware on a windows 7 host. I followed
the steps given in
IPSEC VPN on Ubuntu 15.04 with StrongSwan
​ (​https://raymii.org/s/tutorials/IPSEC_vpn_with_Ubuntu_15.04.html ) to
install Strongswan.
I need help with a scenario which is a little similiar to issue:1518 (
https://wiki.strongswan.org/issues/1518);
that is, I want to have IPsec tunnels from
multiple
​IPs ​each
to be established from Ubuntu
​2(client)
 to a single IP on Ubuntu
​1(server),​
​ ( like : many to one ; tunnels to a concentrator ). Is this possible? If
so, please help me.
My ipsec.conf are attached.​
​Ubuntu 1 (SERVER): 192.168.157.131
​Ubuntu 2 (SERVER): 192.168.157.132
Thank You

​

*KALESH*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161114/f3b595eb/attachment.html>
-------------- next part --------------
​#CLIENT SIDE (multiple IPs)
config setup
	cachecrls=no
        strictcrlpolicy=ifuri
        uniqueids=keep
conn %default
        reauth=no
        rekey=no
        dpdaction=none
        mobike=no
        keyingtries=%forever
        keyexchange=ikev2
	esp=aes-sha1!
        auto=start
conn 0_192_168_157_132
		# -- Local --
		left=192.168.157.132
		leftauth=psk
		leftsourceip=%config
		# -- Peer --
		right=192.168.157.131
		rightauth=psk
		auto=start
conn 0_192_168_157_133XXXXXX
		# -- Local --
		left=192.168.157.133
		leftauth=psk
		leftsourceip=%config
		# -- Peer --
		right=192.168.157.131
		rightauth=psk
		auto=start

conn 0_192_168_157_2
		# -- Local --
		left=192.168.157.2
		leftauth=psk
		leftsourceip=%config
		# -- Peer --
		right=192.168.157.131
		rightauth=psk
		auto=start
conn 0_192_168_157_3
		# -- Local --
		left=192.168.157.3
		leftauth=psk
		leftsourceip=%config
		# -- Peer --
		right=192.168.157.131
		rightauth=psk
		auto=start
-------------- next part --------------
# SERVER SIDE
config setup
	# strictcrlpolicy=yes
	# uniqueids = no
conn %default
	reauth = no
	rekey = no
	dpdaction = none
	keyingtries = %forever
	keyexchange = ikev2
	ike = modp2048
	esp = aes-sha1!
	mobike = no 
	auto = add
conn new_connection_1
	left = 192.168.157.131
	leftauth = psk
	#right = 192.168.157.132
	right = %any
	rightauth = psk

More information about the Users mailing list