[strongSwan] How to override traffic selectors in swanctl
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Jun 14 21:16:17 CEST 2018
Hi,
Maybe charon-cmd is more useful for this use case. Other than that, you could script something with vici to create and initiate the configurations programmatically.
Kind regards
Noel
On 13.06.2018 22:27, Felipe Arturo Polanco wrote:
> Hi,
>
> I would like to dynamically create connections to multiple IPSec peers based on a child template.
>
> One missing piece I still have is how to override the traffic selector of a child connection declared in swanctl.conf
>
> My child connection has this:
> remote_ts = dynamic[udp/4789],dynamic[icmp]
>
> I would like to override this local_ts whenever I run:
> swanctl --initiate --child myipsec1 --source <local_ip> --remote <peer_ip>
>
> I would like to add a specific subnet that is accessible through my peer, the equivalent ts would be like this:
> remote_ts = dynamic[udp/4789],dynamic[icmp],172.16.35.0/24
>
> I do have dozens of peers and each has a specific subnet behind them.
>
> Is there any way of specifying/modifying the traffic selector of a connection child to achieve this?
>
> Thanks,
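One way to script the vici approach suggested in the reply, as an added example that is not code from the thread or from the strongSwan project. The peer names, addresses, PSK auth sections and the helper names `build_conn` and `load_and_initiate` are assumptions; it also assumes strongSwan's Python `vici` bindings in a version that accepts `str` values.

```python
import copy
import ipaddress

# Constructed template: the child mirrors the remote_ts from the post;
# the version and auth sections are placeholder assumptions.
TEMPLATE = {
    "version": "2",
    "local": {"auth": "psk"},
    "remote": {"auth": "psk"},
    "children": {
        "myipsec1": {"remote_ts": ["dynamic[udp/4789]", "dynamic[icmp]"]},
    },
}

# Constructed peer list: name -> (local_ip, peer_ip, subnet behind the peer)
PEERS = {
    "peer-a": ("192.0.2.1", "198.51.100.10", "172.16.35.0/24"),
    "peer-b": ("192.0.2.1", "198.51.100.20", "172.16.36.0/24"),
}

def build_conn(name, local_ip, peer_ip, subnet, template=TEMPLATE):
    """Return a vici load-conn message for one peer, subnet appended to remote_ts."""
    ipaddress.ip_address(local_ip)   # raises ValueError on a malformed address
    ipaddress.ip_address(peer_ip)
    # strict=True rejects host bits, so a typo cannot silently change the selector
    net = ipaddress.ip_network(subnet, strict=True)
    if net.prefixlen == 0:
        raise ValueError("refusing a catch-all traffic selector")
    conn = copy.deepcopy(template)   # never mutate the shared template
    conn["local_addrs"] = [local_ip]
    conn["remote_addrs"] = [peer_ip]
    for child in conn["children"].values():
        child["remote_ts"] = child["remote_ts"] + [str(net)]
    return {name: conn}

def load_and_initiate(peers=PEERS, child="myipsec1"):
    import vici  # imported here so build_conn works without a running charon
    session = vici.Session()
    for name, (local_ip, peer_ip, subnet) in peers.items():
        session.load_conn(build_conn(name, local_ip, peer_ip, subnet))
        for _ in session.initiate({"ike": name, "child": child}):
            pass  # drain control-log messages until the command completes

if __name__ == "__main__":
    load_and_initiate()
```

Each peer becomes its own named connection, so the per-peer selector lives in the loaded configuration rather than being overridden at initiate time.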