[strongSwan] Can we configure the multiple IP pools of virtual IP addresses (using VICI of strongswan-5.2.2)?

Chinmaya Dwibedy ckdwibedy at yahoo.com
Sat Jun 24 19:09:03 CEST 2017 

Thank you Noel for your response.

Sent from Yahoo Mail on Android 
 
  On Fri, Jun 23, 2017 at 5:53 PM, Noel Kuntze<noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:   Just list the pools ip connections.<conn>.pools.
>From the Man page:

      connections.<conn>.pools []
              Comma separated list of named IP pools to  allocate  virtual  IP
              addresses  and  other  configuration  attributes from. Each name
              references a pool by name from either the pools  section  or  an
              external pool.

Allocation happens from the first pool to the last pool. Allocation is attempted once per pool.
You can't "skip" pools or something. Allocation/requesition of an address of a pool only fails if it's fully utilized
or if the pool's family is different from the requested virtual IP's family.

You can assign leases in the pool per ID. No idea about limitations of the number of pools.

On 23.06.2017 07:32, Chinmaya Dwibedy wrote:
> Hi ,
> 
> Can anyone please respond to this email ?
> 
> Regards,
> Chinmaya
> 
> 
> On Thursday, June 22, 2017 1:08 PM, Chinmaya Dwibedy <ckdwibedy at yahoo.com> wrote:
> 
> 
> 
> Hi,
> 
> We use the VICI to configure and control the IKE daemon Charon (at IKE Responder end) using strongswan-5.2.2. The load-conn () command is used to so as to load a single connection definition into the daemon. The remote_addrs is configured to “any” to accept the IKE connection request from any peer.
> In pools, can we configure the multiple IP pools of virtual IP addresses? If yes, then how Charon allocates virtual IP addresses to remote clients from different IP pools? Can we ask Charon to allocate virtual IPs from different pools as per our requirements? We want to configure ike_config connection with one name but with multiple IP pools. Is there any limitation how many pools can be configured?
> 
> Thank you in advance for your support and response.
> 
> Regards,
> Chinmaya 
> 
> 
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170624/aad3e0ca/attachment.html>

More information about the Users mailing list