On Tuesday 12 July 2011 08:16:14 Martin Willi wrote:
> Hi,
>
> > a) can two iterations of strongswan be run on the same network -one on
> > the main router and the other on the ssh server?
>
> Does the SSH server run on a dedicated box with a public IP? Then there
> is no reason why you couldn't run strongSwan on it.
>
> > b) if a) is true, can ipsec traffic be routed directly to the ssh server
> > though the main router has the ipsec daemon running ?
>
> If ESP and IKE traffic will be addressed to the SSH server, why not.
>
>
> But it is not clear to me why you'll need two IPsec gateways on your
> network and what you'd like to do with them...
>
> Regards
> Martin

Thanks for your reply. I have now adjusted the req and am considering placing the sshD server inside the local network. If I use the latest version of strongswan and 'protocol selection' as described here:
http://www.strongswan.org/uml/testresults/ikev2/protoport-dual/index.html
or here:
http://www.strongswan.org/uml/testresults/ikev2/protoport-route/index.html

Speaking of ssh only, would there not be additional security if a connection for the ipsec-client/sshd-server (in this case Alice) was described in the ipsec.conf file for the gateway? And if so, what would the resultant connection be in the ipsec.conf file for the rw-client Carol?

(In other words, basically I want a setup where the tunnel is from the remote host to the sshD server inside the network.)

Advice would be welcomed.

sincerely
lux-integ
