[strongSwan] How to select a specific conn
Robert Dahlem
Robert.Dahlem at gmx.net
Thu Dec 27 10:35:28 CET 2018
Hello,
I'm totally new to strongSwan. I am running strongSwan 5.5.1 on Debian
Stretch. As a first step I set up a test scenario with IKEv1 and PSK in
my private network. strongSwan is at 192.168.1.15
/etc/ipsec.secrets:
192.168.1.15 : PSK "totallysecret"
dahlem : XAUTH "secrettoo"
/etc/ipsec.conf
config setup
uniqueids=never
conn %default
compress=no
dpdaction=clear
conn vpnserver
auto=add
leftauth=psk
rightauth=psk
rightauth2=xauth
rightsourceip=172.28.1.0/24
The client is an Android device in 192.168.1.0/24 with these settings:
Type: IPSec Xauth PSK
Server address: 192.168.1.15
IPSec identifier: (not used)
IPSec pre-shared key: totallysecret
Username: dahlem
Password: secrettoo
Everything works fine so far. Now I would like to introduce a second
configuration, lets say:
conn vpnserver2
[...]
rightsourceip=172.28.2.0/24
How do I get the client to choose that second configuration? I could
probably use the "IPSec identifier", but that would force me to enable
aggressive mode, which seems to be frowned upon.
And how do I get the server to use a different PSK? In other words: what
makes the connection between something in "conn" and a specific entry in
ipsec.secrets?
Kind regards,
Robert
More information about the Users
mailing list