Hi all,
The roadwarriors alice and venus sitting behind the NAT router moon
set up tunnels to gateway sun.
The content of ipsec.conf on moon is:

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev2
        mobike=no

conn net-net
        left=192.168.0.1
        [email protected]
        leftfirewall=yes
        right=192.168.0.2
        rightsubnet=10.2.0.0/16
        [email protected]
        auto=add

And the content of ipsec.conf on moon is:

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev2
        mobike=no

conn net-net
        left=192.168.0.2
        leftsubnet=10.2.0.0/16
        [email protected]
        leftfirewall=yes
        right=192.168.0.1
        [email protected]
        auto=add

Maybe you have found that there
is no line "leftsubnet=10.1.0.0/16" in the ipsec.conf of moon, and there is
also no line "rightsubnet=10.1.0.0/16" in the ipsec.conf of sun.

Now what I need is this: alice and moon can ping bob through the IPsec tunnel,
and venus can ping winnetou without the IPsec tunnel. The serious problem is
that I can only modify the ipsec.conf of moon, and am banned from modifying the
ipsec.conf of sun. This hard question has troubled me for a month. I have found
many references, but I still cannot solve it. Is there any method that can
solve this hard question? Can I solve it with iptables, or by modifying only
the ipsec.conf of moon?

Regards,
Qixing Law
[email protected]
