Hi again Andreas, Any other configuration needed for this to work? After establishing the communication using IKEv2, only the first IP on rightsubnet parameter is being routed through the tunnel. The second one is going out of the tunnel.
rightsubnet=192.168.1.35/32,192.168.1.36/32 Any ideas? Thanks again!! -----Mensaje original----- De: Andreas Steffen [mailto:[email protected]] Enviado el: jueves, 28 de junio de 2012 5:21 Para: [email protected] CC: [email protected] Asunto: Re: [strongSwan] Right hosts Hi Pedro, if Checkpoint supports IKEv2 then you could specify: conn all rightsubnet=192.168.1.35/32,192.168.1.36/32,192.168.1.37/32,192.168.1.38/32, 192.168.1.39/32 With IKEv1 only conn subnet rightsubnet=192.168.1.34/29 or 6 separate IPsec SAs are possible conn c1 rightsubnet=192.168.1.35/32 also=main auto=start conn c6 rightsubnet=192.168.1.39/32 also=main auto=start conn main left= leftsubnet= right= ... Regards Andreas On 06/27/2012 10:53 AM, Pedro José Bello Valiñas wrote: > Hi all, > We have a list of remote hosts with we want to communicate to through > our tunnel (Strongswan - Checkpoint). > For example: > - 192.168.1.35/32 > - 192.168.1.36/32 > - 192.168.1.37/32 > - 192.168.1.38/32 > - 192.168.1.39/32 > > Now, when we configure our Strongswan right conn parameter, what > should we set there? > > Rightsubnet=192.168.1.34/29? (Altough 192.168.1.40/32 doesn't belong > to the remote hosts we want to communicate through the tunnel?) > > Is there any way to specify a "closed" list of hosts? > > Regards, > Pedro. ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
