Hi Eric,

> Initiator (Strongswan) ---- Responder
> Defined host (i.e. 10.1.1.1) ---- defined network (I.e. 10.0.0.0\8)
> Defined subnet (i.e. 10.1.1.0\24) ---- defined network (I.e. 10.0.0.0\8)
> Defined Wildcard (i.e. 0.0.0.0.0\0) ---- defined network (I.e. 10.0.0.0\8)
> Defined network (i.e. 10.0.0.0\8) ---- defined network (I.e. 10.0.0.0\8)
>
> If so, what entries on the Strongswan host would I need to enter to make this
> work?

Just define left/rightsubnet to the Traffic Selectors strongSwan should propose. You can also define multiple subnets in IKEv2 by separating them with commas.

> I also need to introduce similar configs for port\protocol based
> narrowing as well. So I could use some insight into that as well.

The left/rightprotoport options define the protocol and a single port. We currently can't define full port ranges through ipsec.conf. man ipsec.conf for details about these options.

Regards
Martin
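The narrowing outcome for the four initiator cases in the quoted question can be worked out with a small model. This is an added example, not part of the original message and not strongSwan code. It assumes IPv4 CIDR subnets and a single optional protocol and port per selector, and all names in it (`TS`, `narrow`, `narrow_all`, `parse_subnets`) are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

class TS(NamedTuple):
    """Simplified traffic selector: IPv4 subnet, protocol, single port."""
    net: ipaddress.IPv4Network
    proto: Optional[int] = None  # None means any protocol
    port: Optional[int] = None   # None means any port

def ts(subnet, proto=None, port=None):
    return TS(ipaddress.IPv4Network(subnet), proto, port)

def parse_subnets(value):
    """Split a comma-separated subnet list, as in a left/rightsubnet value."""
    return [ts(s.strip()) for s in value.split(",") if s.strip()]

def _field(a, b):
    """Intersect two 'value or any' fields; returns (overlaps, value)."""
    if a is None:
        return True, b
    if b is None or a == b:
        return True, a
    return False, None

def narrow(proposed, configured):
    """Return the selector common to both sides, or None if there is none."""
    # CIDR blocks either nest or are disjoint, so the overlap is the smaller block.
    if proposed.net.subnet_of(configured.net):
        net = proposed.net
    elif configured.net.subnet_of(proposed.net):
        net = configured.net
    else:
        return None
    ok_proto, proto = _field(proposed.proto, configured.proto)
    ok_port, port = _field(proposed.port, configured.port)
    return TS(net, proto, port) if ok_proto and ok_port else None

def narrow_all(proposed, configured):
    """Narrow every proposed selector against every configured one."""
    pairs = (narrow(p, c) for p in proposed for c in configured)
    return [n for n in pairs if n is not None]

if __name__ == "__main__":
    responder = parse_subnets("10.0.0.0/8")
    # Constructed inputs: the four initiator cases from the quoted question.
    for subnet in ("10.1.1.1/32", "10.1.1.0/24", "0.0.0.0/0", "10.0.0.0/8"):
        print(subnet, "->", narrow_all(parse_subnets(subnet), responder)[0].net)
```

Only the wildcard proposal comes back different from what was sent: it is narrowed to the responder's 10.0.0.0/8, while the host, subnet and network proposals are accepted unchanged.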
