Re: [strongSwan] leftsubnet stanza

2019-06-05 Thread Tobias Brunner
Hi Doug,

> leftsubnet = 10.10.10.0/24 10.10.11.0/24 (and tried putting a comma in
> between them but it doesn't like that)

They are separated by commas (read the documentation/man page).

> Is there any way to have multiple subnets on my side on one line?

Depends on the IKE version (it works with IKEv2, and for IKEv1
roadwarriors if they support Cisco's Unity extension, otherwise, you
need separate conn sections [1]), and the peer's implementation (some
IKEv2 implementations don't support narrowing at all, others ignore it
or require manual configuration e.g. via routes).

Regards,
Tobias

[1]
https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Multiple-subnets-per-SA
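
The two cases from the reply above, sketched as an `ipsec.conf` fragment. This is an added example, not part of the original thread; the conn names, peer addresses, remote subnet and third local subnet are constructed placeholders.

```conf
# /etc/ipsec.conf (constructed example; all addresses are placeholders)

# Too broad: with 0.0.0.0/0 the peer can negotiate any local subnet
# it has a mapping for, so local control over exposure is lost.
# conn site-wide
#     leftsubnet=0.0.0.0/0

# IKEv2: list only the permitted local subnets, comma-separated.
conn site-ikev2
    keyexchange=ikev2
    left=192.0.2.1
    leftsubnet=10.10.10.0/24,10.10.11.0/24,10.10.12.0/24
    right=203.0.113.1
    rightsubnet=192.168.50.0/24
    authby=secret
    auto=start

# IKEv1 without the Unity extension: one conn section per local subnet.
# Shared settings live in a base conn that is pulled in with also=.
conn site-ikev1-base
    keyexchange=ikev1
    left=192.0.2.1
    right=203.0.113.1
    rightsubnet=192.168.50.0/24
    authby=secret

conn site-ikev1-net10
    also=site-ikev1-base
    leftsubnet=10.10.10.0/24
    auto=start

conn site-ikev1-net11
    also=site-ikev1-base
    leftsubnet=10.10.11.0/24
    auto=start

conn site-ikev1-net12
    also=site-ikev1-base
    leftsubnet=10.10.12.0/24
    auto=start
```

After the tunnel comes up, `ipsec statusall` shows the traffic selectors that were actually negotiated, which is where narrowing by the peer becomes visible.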


[strongSwan] leftsubnet stanza

2019-06-05 Thread Doug Tucker
All,


Looking for some help on the leftsubnet = stanza.  Is there a way to put 
multiple subnets on the same line?  I need to give access to 3 subnets on my 
side from 1 subnet on theirs.  I have tried:


leftsubnet = 10.10.10.0/24 10.10.11.0/24 (and tried putting a comma in between 
them but it doesn't like that)


using leftsubnet = 0.0.0.0/0 works, but that apparently opens it to any subnet 
on my side they have a mapping to on theirs...so I lose control.


Is there any way to have multiple subnets on my side on one line?




Doug Tucker
Sr. Director of Networking & Linux Operations

o: 817.975.5832  |  m: 817.975.5832

e: doug.tuc...@navigaglobal.com


