[strongSwan] How to override traffic selectors in swanctl
Felipe Arturo Polanco
felipeapolanco at gmail.com
Wed Jun 13 22:27:16 CEST 2018
Hi,
I would like to dynamically create connections to multiple IPSec peers
based on a child template.
One missing piece I still have is how to override the traffic selector of a
child connection declared in swanctl.conf
My child connection has this:
remote_ts = dynamic[udp/4789],dynamic[icmp]
I would like to override this local_ts whenever I run:
swanctl --initiate --child myipsec1 --source <local_ip> --remote <peer_ip>
I would like to add a specific subnet that is accessible through my peer,
the equivalent ts would be like this:
remote_ts = dynamic[udp/4789],dynamic[icmp],172.16.35.0/24
I do have dozens of peers and each has a specific subnet behind them.
Is there any way of specifying/modifying the traffic selector of a
connection child to achieve this?
Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180613/3a87a11a/attachment.html>
More information about the Users
mailing list