[strongSwan] Road warrior connecting to site with multiple subnets?
Noel Kuntze
noel at familie-kuntze.de
Wed Jan 4 19:41:25 CET 2017
On 04.01.2017 11:34, Michael Riss wrote:
> I'm trying to connect road warriors to a site that has several separated
> subnets and I want the road warriors to get a virtual IP in each of the
> subnets. Is there an elegant way to do this in strongswan?
Yes, just assign several. If the client requests multiple, you can respond with several.
However, that doesn't make sense, because IPsec doesn't offer a broadcast domain,
which the client could be connected to or that could be bridged to a LAN.
The best practice is to assign roadwarriors IPs from a specific subnet whose only
purpose is to address roadwarriors from.
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170104/501c87eb/attachment.sig>
More information about the Users
mailing list