[strongSwan] How to override traffic selectors in swanctl

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Jun 14 21:16:17 CEST 2018


Maybe charon-cmd is more useful for this use case. Other than that, you could script something with vici to create and initiate the configurations programmatically.

Kind regards


On 13.06.2018 22:27, Felipe Arturo Polanco wrote:
> Hi,
> I would like to dynamically create connections to multiple IPSec peers based on a child template.
> One missing piece I still have is how to override the traffic selector of a child connection declared in swanctl.conf
> My child connection has this:
> remote_ts = dynamic[udp/4789],dynamic[icmp] 
> I would like to override this local_ts whenever I run:
> swanctl --initiate --child myipsec1 --source <local_ip> --remote <peer_ip> 
> I would like to add a specific subnet that is accessible through my peer, the equivalent ts would be like this:
> remote_ts = dynamic[udp/4789],dynamic[icmp], <>
> I do have dozens of peers and each has a specific subnet behind them.
> Is there any way of specifying/modifying the traffic selector of a connection child to achieve this? 
> Thanks,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180614/78e48c50/attachment.sig>

More information about the Users mailing list