Hi Michael, Sorry, I can't help much with strongSwan.
You will want to enable NAT-T (UDP transport) and you possibly may not need Virtual IP's as routing the local LAN's from each box may work. That's all my strongSwan knowledge. Using "IPsec Peers" is easier, but requires static IP endpoints all around unless you use certificates as tunnel identity. Sadly, internet research is your best option configuring strongSwan. Lonnie > On Oct 4, 2019, at 10:04 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > > Hi Group > > I need to set up IPSEC tunnels from multiple Astlinux Clients to an Astlinux > Server (initial testing). Eventually the server will be VMware NSX. > I'm looking at all the config examples and have spent ages trying to > understand how it works but I'm still not quite there. Sorry for my > inexperience with IPSEC. > > I want to use strongSwan and the scenario is as follows: > • Server is Astlinux (initially for testing) with a static Public IP > • Clients require access to the server side LAN to Asterisk servers > • There is no connectivity between IPSEC tunnels. > • The Client is Astlinux with failover e.g. multiple paths which may or > may not be behind NAT > • No access to the Client local LAN is required e.g. only to the local > Astlinux box itself > > My assumption is that I will need to use Virtual IP’s but I am not sure how > to set this up? > They will all need to be static as well e.g. not negotiated. > > Can anyone kick me off. > Thanks so much all. > > Regards > Michael Knill > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
