[strongSwan] Road warrior connecting to site with multiple subnets?

Michael Riss michael.riss at gmail.com
Wed Jan 4 11:34:34 CET 2017

Hello everyone!

I'm trying to connect road warriors to a site that has several separated
subnets and I want the road warriors to get a virtual IP in each of the
subnets. Is there an elegant way to do this in strongswan?

Currently I made it work with issuing several certificates to the road
warriors - one certificate for each subnet - then strongswan can
individually establish several connections, but it doesn't seem
very elegant because each road warrior needs knowledge about the
subnet structure of the site. I would prefer that the road warriors
just have a single certificate for authentication and that the
specifics of the subnets and virtual IPs are configured on the
VPN-Gateway side. That would make the administration easier. Is that

Best regards,

More information about the Users mailing list