[strongSwan] Host to Network IPSec PSK Vpn tunnel
Noel Kuntze
noel at familie-kuntze.de
Thu Mar 16 18:36:08 CET 2017
On 16.03.2017 07:29, Muhammad Yousuf Khan wrote:
>
> There is a requriment from our client that we need a ipsec tunnel for communication.
> as per our experience with Openvpn we can do that very easily however IPsec works very differently therefore i need your assistence.
Policy based IPsec (which is used by default with strongswan) doesn't require special network devices.
Traffic is protected transparently on the physical interface. There's no problem with routing.
> now here is the confusion part leftsubnet is technically called encryption domain in Cisco.
> so how come my public IP of a cloud VM can be in both role as remote peer and encryption domain? this is very confusing part.
IKE packets are excepted from IPsec processing. Anything else is subject to it. It works without adding special routes
to the routing table(s).
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170316/21f74d0f/attachment.sig>
More information about the Users
mailing list