[strongSwan] Can we configure the multiple IP pools of virtual IP addresses (using VICI of strongswan-5.2.2)?

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Jun 23 14:22:56 CEST 2017 

Just list the pools ip connections.<conn>.pools.
From the Man page:

       connections.<conn>.pools []
              Comma separated list of named IP pools to  allocate  virtual  IP
              addresses  and  other  configuration  attributes from. Each name
              references a pool by name from either the pools  section  or  an
              external pool.

Allocation happens from the first pool to the last pool. Allocation is attempted once per pool.
You can't "skip" pools or something. Allocation/requesition of an address of a pool only fails if it's fully utilized
or if the pool's family is different from the requested virtual IP's family.

You can assign leases in the pool per ID. No idea about limitations of the number of pools.

On 23.06.2017 07:32, Chinmaya Dwibedy wrote:
> Hi ,
> 
> Can anyone please respond to this email ?
> 
> Regards,
> Chinmaya
> 
> 
> On Thursday, June 22, 2017 1:08 PM, Chinmaya Dwibedy <ckdwibedy at yahoo.com> wrote:
> 
> 
> 
> Hi,
> 
> We use the VICI to configure and control the IKE daemon Charon (at IKE Responder end) using strongswan-5.2.2. The load-conn () command is used to so as to load a single connection definition into the daemon. The remote_addrs is configured to “any” to accept the IKE connection request from any peer.
> In pools, can we configure the multiple IP pools of virtual IP addresses? If yes, then how Charon allocates virtual IP addresses to remote clients from different IP pools? Can we ask Charon to allocate virtual IPs from different pools as per our requirements? We want to configure ike_config connection with one name but with multiple IP pools. Is there any limitation how many pools can be configured?
> 
> Thank you in advance for your support and response.
> 
> Regards,
> Chinmaya 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170623/265c3065/attachment.sig>

More information about the Users mailing list