Hi Adrian,
> Is it possible to set up ipsec.secrets to allow only certain subnets to
> use certain PSKs
>
> 24.177.*.* : PSK “tempskforme”
>
> Is this at all possible? How can I control which subnets are allowed to
> access my GW?

With the just released strongSwan 5.1.1 this should be possible. This
release allows you to configure

  right=<subnet>,<or range>,<or single ips>,<or mixed>

instead of right=%any. Then instead of configuring an IP address in
ipsec.secrets you'd configure a specific leftid for each of your
connections (of course, your clients have to accept/use that ID as
rightid), and then use that ID in ipsec.secrets to select the secret.

Regards,
Tobias
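
The setup described in the reply above, written out as an added example that is not part of the original message or of strongSwan's own documentation. The connection names, gateway IDs, the second address list and the secrets are constructed placeholders; 24.177.0.0/16 is the subnet from the question.

```conf
# ---- /etc/ipsec.conf on the gateway (strongSwan 5.1.1 or later) ----
# Constructed example: conn names, IDs and the psk-net-b addresses are
# placeholders chosen for illustration.

conn psk-net-a
    authby=secret
    # Gateway identity used only for peers in this source range
    leftid=@gw-net-a.example.org
    # Restrict the peer address instead of using right=%any
    right=24.177.0.0/16
    auto=add

conn psk-net-b
    authby=secret
    leftid=@gw-net-b.example.org
    # Mixed list: one range plus one single address
    right=198.51.100.10-198.51.100.20,203.0.113.7
    auto=add

# ---- /etc/ipsec.secrets on the gateway ----
# The secret is selected by the gateway ID, not by a peer IP address.
# Use a long random value per group; these strings are placeholders.
@gw-net-a.example.org : PSK "placeholder-secret-for-net-a"
@gw-net-b.example.org : PSK "placeholder-secret-for-net-b"

# ---- client side (peer in 24.177.0.0/16) ----
# The client must expect the matching gateway ID:
#     rightid=@gw-net-a.example.org
# and hold the same PSK for that ID in its own ipsec.secrets.
```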