Hello Carlos,
you can define as many networks as you like:
conn client_card_trans
left=XXX.160.208.130
leftid=XXX.160.208.130
right=XXX.7.199.162
rightid=XXX.7.199.162
dpdaction=restart
keyexchange=ikev1
ike=aes256-sha1-modp1024
esp=3des-md5
pfsgroup=modp1024
authby=secret
conn net1
also=client_card_trans
leftsubnet=172.31.0.0/24
rightsubnet=XXX.7.197.253/32
auto=start
conn net2
also=client_card_trans
leftsubnet=10.10.15.3/32
rightsubnet=172.31.4.0/24
auto=start
First one IKE_SA between XXX.160.208.130 and XXX.7.199.162
is created during Main Mode and then two Quick Modes
follows which set up the IPsec SAs for the subnets.
Regards
Andreas
On 11/12/2010 12:49 PM, Carlos Xavier wrote:
> Hi.
> I got the following configuration up and running with Pluto.
>
> conn client_card_trans
> left=XXX.160.208.130
> leftsubnet=172.31.0.0/24
> leftid=XXX.160.208.130
> right=XXX.7.199.162
> rightsubnet=XXX.7.197.253/32
> rightid=XXX.7.199.162
> dpdaction=restart
> keyexchange=ikev1
> ike=aes256-sha1-modp1024
> esp=3des-md5
> pfsgroup=modp1024
> authby=secret
> auto=start
>
> Now we need to add trafic comming by the right side from the network
> 172.31.4.0/24 and of the host
> 10.10.15.3/32.
>
> I know on Firewall1 it is possible because you create one group of objects
> and define it as a
> encryption domain, then they will use the same tunnel.
>
> Is that possible to route multiple networks on the same tunnel with
> StrongSwan?
> How can I make this configuration on StrongSwan?
>
> Regards,
> Carlos.
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
