Thanks Guys for your help. I think I'm nearly there, I just need some more pieces to the puzzle. I guess I need to weigh up whether I try to get this working or just build my own firewall in a VM using Astlinux or something else (currently sounds tempting).
Regards
Michael Knill

On 5/10/19, 11:06 pm, "Michael Keuter" <li...@mksolutions.info> wrote:

> On 05.10.2019 at 14:48, Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:
>
> Hi Michael,
>
> Sorry, I can't help much with strongSwan.
>
> You will want to enable NAT-T (UDP transport) and you possibly may not need Virtual IPs as routing the local LANs from each box may work.
>
> That's all my strongSwan knowledge. Using "IPsec Peers" is easier, but requires static IP endpoints all around unless you use certificates as tunnel identity.
>
> Sadly, internet research is your best option configuring strongSwan.
>
> Lonnie

Hi Michael,

we implemented strongSwan because of the massive distribution of the AVM Fritzbox routers here in Germany (and other parts of Europe) to support their internal IPsec VPN. But it is quite complicated and no fun - guaranteed. If you do need really need it for specific reasons, I would suggest to use OpenVPN or WireGuard instead!

>> On Oct 4, 2019, at 10:04 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>>
>> Hi Group
>>
>> I need to set up IPSEC tunnels from multiple Astlinux Clients to an Astlinux Server (initial testing). Eventually the server will be VMware NSX.
>> I'm looking at all the config examples and have spent ages trying to understand how it works but I'm still not quite there. Sorry for my inexperience with IPSEC.
>>
>> I want to use strongSwan and the scenario is as follows:
>> • Server is Astlinux (initially for testing) with a static Public IP
>> • Clients require access to the server side LAN to Asterisk servers
>> • There is no connectivity between IPSEC tunnels.
>> • The Client is Astlinux with failover e.g. multiple paths which may or may not be behind NAT
>> • No access to the Client local LAN is required e.g. only to the local Astlinux box itself
>>
>> My assumption is that I will need to use Virtual IPs but I am not sure how to set this up?
>> They will all need to be static as well e.g. not negotiated.
>>
>> Can anyone kick me off.
>> Thanks so much all.
>>
>> Regards
>> Michael Knill

Michael
http://www.mksolutions.info

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.