Hi Brian, > I am using strongswan-4.2.8, I have a question want to check you, does > this version have support IP range like 192.168.2.3-192.168.2.233 when > set to left|right side?
4.2.8 supports IKEv1 only, and this protocol supports full subnets only. Or is there an extension for arbitrary address ranges? The newer IKEv2 supports such address ranges, and our daemon can actually negotiated them. But: 1) there is currently no way to configure such ranges in ipsec.conf 2) the Linux kernel can handle policies with full subnets only If a range is negotiated, it gets mapped to the next larger subnet. > If not does any one have an idea to implement it? It would require major effort to extend the kernel accordingly. So it probably won't happen soon, unless somebody is willing to sponsor it. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
