Hello,
All traffic from a local inner IP address uses a specific cipher suite unless it is
addressed to 2 particular remote hosts (HOST1, HOST2). May I use the following
configuration for this?

conn to-HOST1
    also=host-host
    leftsubnet=10.5.0.1
    rightsubnet=10.6.0.2
    esp=specific_1
    auto=start

conn to-HOST2
    also=host-host
    leftsubnet=10.5.0.1
    rightsubnet=10.6.0.3
    esp=specific_2
    auto=start

conn to-WORLD-unless-HOST1and2
    also=host-host
    leftsubnet=10.5.0.1
    [rightsubnet=%any] <== ???
    esp=specific_3
    auto=start

conn host-host
    left=<IP address of left>
    right=<IP address of right>

Thank you
Mugur