My scenario is VMs behind the roadwarrior (carol) reaching gateway (moon)'s
subnets (alice).
1. carol to moon subnets - this works correctly as a point2site network.
2. carol - has a KVM libvirt 192.168.122.0/24 network totally unknown to
moon. I want these VMs to reach the subnets behind moon.

Yes, you can use username and password. In this tutorial, the
strongSwan server authenticates with a certificate, and the various
clients authenticate with a user name and password:
http://xpu.ca/strongswan-ubuntu/
This procedure was tested on an Amazon EC2 t2.micro instance running
Ubuntu

Hi all,
I'm trying to create an IKEv2 server, but this how-to guide says I need to
create certs for the server and client. Can I not just use a normal username
and password for authentication?
https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html
many thanks,
rob
--
Regards,
Robert K Wild.

Hello,
I'm trying to set up an ikev2/host2host-ah connection according to
https://www.strongswan.org/testing/testresults/ikev2/host2host-ah/index.html
page.
The connection is successfully established when I'm using the aesxcbc
integrity algorithm (as in the example).
See

Hi Richard,
the table 220 source IP routing rule applies to packets originating
from the VPN gateway itself, only. If you want roadwarriors from a
subnet behind the GW to assume this address then you have to NAT them
to the GW's address. Since the table 220 rule usually maps the GW's
source