> Am 05.10.2019 um 14:48 schrieb Lonnie Abelbeck <li...@lonnie.abelbeck.com>: > > Hi Michael, > > Sorry, I can't help much with strongSwan. > > You will want to enable NAT-T (UDP transport) and you possibly may not need > Virtual IP's as routing the local LAN's from each box may work. > > That's all my strongSwan knowledge. Using "IPsec Peers" is easier, but > requires static IP endpoints all around unless you use certificates as tunnel > identity. > > Sadly, internet research is your best option configuring strongSwan. > > Lonnie
Hi Michael, we implemented strongSwan because of the massive distribution of the AVM Fritzbox routers here in Germany (and other parts of Europe) to support their internal IPsec VPN. But it is quite complicated and no fun - garanteed. If you do need really need it for specific reasons, I would suggest to use OpenVPN or WireGuard instead! >> On Oct 4, 2019, at 10:04 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >> Hi Group >> >> I need to set up IPSEC tunnels from multiple Astlinux Clients to an Astlinux >> Server (initial testing). Eventually the server will be VMware NSX. >> I'm looking at all the config examples and have spent ages trying to >> understand how it works but I'm still not quite there. Sorry for my >> inexperience with IPSEC. >> >> I want to use strongSwan and the scenario is as follows: >> • Server is Astlinux (initially for testing) with a static Public IP >> • Clients require access to the server side LAN to Asterisk servers >> • There is no connectivity between IPSEC tunnels. >> • The Client is Astlinux with failover e.g. multiple paths which may or >> may not be behind NAT >> • No access to the Client local LAN is required e.g. only to the local >> Astlinux box itself >> >> My assumption is that I will need to use Virtual IP’s but I am not sure how >> to set this up? >> They will all need to be static as well e.g. not negotiated. >> >> Can anyone kick me off. >> Thanks so much all. >> >> Regards >> Michael Knill Michael http://www.mksolutions.info _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
