[strongSwan] leftsubnet stanza
Tobias Brunner
tobias at strongswan.org
Wed Jun 5 17:43:21 CEST 2019
Hi Doug,
> leftsubnet = 10.10.10.0/24 10.10.11.0/24 (and tried putting a comma in
> between them but it doesn't like that)
They are separated by commas (read the documentation/man page).
> Is there any way to have multiple subnets on my side on one line?
Depends on the IKE version (it works with IKEv2, and for IKEv1
roadwarriors if they support Cisco's Unity extension, otherwise, you
need separate conn sections [1]), and the peer's implementation (some
IKEv2 implementations don't support narrowing at all, others ignore it
or require manual configuration e.g. via routes).
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Multiple-subnets-per-SA
More information about the Users
mailing list