Hi Andreas,

I only see the policy for the first one... :-(

I set:
rightsubnet=192.168.1.35/32,192.168.1.36/32
and
rightsubnet=192.168.1.35/32,192.168.1.36/32,

But the policies shown are for 192.168.1.35/32.

Regards,
Pedro.

-----Original Message-----
From: Andreas Steffen [mailto:[email protected]]
Sent: Wednesday, July 04, 2012 11:57
To: [email protected]
CC: [email protected]
Subject: Re: [strongSwan] Right hosts

Hi Pedro,

what's the output of the

  ip -s xfrm policy

command? You should see an IN/OUT/FORWARD policy for
each of the two subnets.

Regards

Andreas

On 07/04/2012 11:23 AM, Pedro José Bello Valiñas wrote:
> Hi again Andreas,
> Any other configuration needed for this to work?
> After establishing the communication using IKEv2, only the first IP on
> rightsubnet parameter is being routed through the tunnel. The second
> one is going out of the tunnel.
>
> rightsubnet=192.168.1.35/32,192.168.1.36/32
>
> Any ideas?
>
> Thanks again!!
>
>
> -----Original Message-----
> From: Andreas Steffen [mailto:[email protected]]
> Sent: Thursday, June 28, 2012 5:21
> To: [email protected]
> CC: [email protected]
> Subject: Re: [strongSwan] Right hosts
>
> Hi Pedro,
>
> if Checkpoint supports IKEv2 then you could specify:
>
> conn all
>     rightsubnet=192.168.1.35/32,192.168.1.36/32,192.168.1.37/32,192.168.1.38/32,192.168.1.39/32
>
> With IKEv1 only
>
> conn subnet
>     rightsubnet=192.168.1.34/29
>
> or 6 separate IPsec SAs are possible
>
> conn c1
>     rightsubnet=192.168.1.35/32
>     also=main
>     auto=start
>
> conn c6
>     rightsubnet=192.168.1.39/32
>     also=main
>     auto=start
>
> conn main
>     left=
>     leftsubnet=
>     right=
>     ...
>
> Regards
>
> Andreas
>
> On 06/27/2012 10:53 AM, Pedro José Bello Valiñas wrote:
>> Hi all,
>> We have a list of remote hosts which we want to communicate with through
>> our tunnel (Strongswan - Checkpoint).
>> For example:
>> - 192.168.1.35/32
>> - 192.168.1.36/32
>> - 192.168.1.37/32
>> - 192.168.1.38/32
>> - 192.168.1.39/32
>>
>> Now, when we configure our Strongswan right conn parameter, what
>> should we set there?
>>
>> Rightsubnet=192.168.1.34/29? (Although 192.168.1.40/32 doesn't belong
>> to the remote hosts we want to communicate through the tunnel?)
>>
>> Is there any way to specify a "closed" list of hosts?
>>
>> Regards,
>> Pedro.

======================================================================
Andreas Steffen                                    [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
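
The policy check suggested in the thread, as an added example that is not part of the original messages: it parses `ip xfrm policy` output and lists which remote hosts lack an in/out/fwd policy, and it also enumerates the addresses a covering prefix such as the /29 would select beyond the closed host list. The local subnet `10.0.0.0/24`, the tunnel endpoint addresses, the sample output and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output (not taken from the thread):
# only the first rightsubnet host received policies, the symptom reported above.
SAMPLE_XFRM = """\
src 10.0.0.0/24 dst 192.168.1.35/32
    dir out priority 1795 ptype main
    tmpl src 203.0.113.1 dst 203.0.113.2
        proto esp reqid 1 mode tunnel
src 192.168.1.35/32 dst 10.0.0.0/24
    dir fwd priority 1795 ptype main
    tmpl src 203.0.113.2 dst 203.0.113.1
        proto esp reqid 1 mode tunnel
src 192.168.1.35/32 dst 10.0.0.0/24
    dir in priority 1795 ptype main
    tmpl src 203.0.113.2 dst 203.0.113.1
        proto esp reqid 1 mode tunnel
"""
LOCAL = "10.0.0.0/24"  # assumed leftsubnet; the thread leaves it blank
REMOTES = ["192.168.1.%d/32" % n for n in range(35, 40)]  # hosts listed in the thread

def parse_policies(text):
    """Return {(direction, src_net, dst_net)} found in `ip xfrm policy` output."""
    pat = re.compile(r"^src (\S+) dst (\S+).*\n\s+dir (\w+)", re.M)
    return {(d, ipaddress.ip_network(s), ipaddress.ip_network(t))
            for s, t, d in pat.findall(text)}

def missing_policies(text, local, remotes):
    """List (remote, direction) pairs for which no policy is installed."""
    have = parse_policies(text)
    local = ipaddress.ip_network(local)
    missing = []
    for r in map(ipaddress.ip_network, remotes):
        # Outbound traffic needs an out policy; inbound needs in and fwd.
        want = {"out": (local, r), "in": (r, local), "fwd": (r, local)}
        missing += [(str(r), d) for d, (s, t) in want.items()
                    if (d, s, t) not in have]
    return missing

def extra_hosts(prefix, remotes):
    """Addresses a covering prefix selects beyond the intended closed list."""
    net = ipaddress.ip_network(prefix, strict=False)  # .34/29 has host bits set
    wanted = {ipaddress.ip_address(r.split("/")[0]) for r in remotes}
    return [str(a) for a in net if a not in wanted]

if __name__ == "__main__":
    print("missing:", missing_policies(SAMPLE_XFRM, LOCAL, REMOTES[:2]))
    print("extra in /29:", extra_hosts("192.168.1.34/29", REMOTES))
```

On a live gateway the text passed to `missing_policies` would be the captured output of `ip xfrm policy`; an empty result means every listed host has all three policies.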
