Hi,

> I want to know if strongswan running on a linux server can support these
> clients.
>
> - android phones using native client, and configured as ipsec rsa xauth
> (x509+Xauth), all traffic should be routed over the vpn
>
> - MikroTik router, configured as ipsec rsa, behind a dynamic ip but not
> nat (adsl), not all traffic should be routed over vpn.
> router will nat its clients into the vpn
>
> - remote workstation running linux behind nat, not all traffic should be
> routed over vpn, but it should allow connections from other vpn client
>
> - laptop running linux, most of the time behind nat, it may or may not
> need to route all the traffic over vpn, it needs to be able to connect
> to the remote workstation over the vpn

That should be doable, yes. Obviously you'll need multiple connection
definitions in your ipsec.conf, most likely one for each of these
clients.

The tricky part is probably to assign the correct connection definition
to each connecting client. I assume the first two use IKEv1? Then you
can distinguish them by the authentication method.

For the latter two I'd recommend to use IKEv2 (and strongSwan clients?),
but not sure what your "other vpn client" supports. If required you can
use different leftids on your responder with IKEv2, and then select the
correct configuration based on the proposed responder identity.
Alternatively you may select the configuration based on the client
identity or its IP address; this highly depends on your client
capabilities.

Whether to "route all traffic over VPN" depends on your leftsubnet
configuration; you may also dynamically allow clients to propose what to
tunnel by using traffic selector narrowing.

> I want to know if strongswan can do all this for me running on a single
> server, on a single instance with a single pool of ip

Sharing an in-memory virtual IP pool is straightforward since 5.0.1;
just define the same rightsourceip pool subnet to share it across
multiple connections.

Regards
Martin
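
The layout described in the reply above, sketched as a gateway ipsec.conf for strongSwan 5.0.1 or later. This is an added example, not part of the original message and not a configuration posted by either participant. The conn names, certificate file name, leftid values and all subnets are constructed placeholders, and including the pool subnet in the workstation's leftsubnet so that other VPN clients can reach it is an assumption.

```conf
# /etc/ipsec.conf on the gateway (added sketch, placeholder values throughout)

# Settings shared by every client. Using the same rightsourceip subnet in
# all conns makes them draw virtual IPs from one in-memory pool.
conn %default
    left=%any
    leftcert=gatewayCert.pem
    leftauth=pubkey
    right=%any
    rightauth=pubkey
    rightsourceip=10.10.0.0/24
    auto=add

# Android native client: IKEv1, RSA plus XAuth, all traffic through the VPN.
# The extra XAuth round is what separates it from the router conn.
conn android
    keyexchange=ikev1
    rightauth2=xauth
    leftsubnet=0.0.0.0/0

# Router: IKEv1, RSA only, split tunnel to the internal network.
conn router
    keyexchange=ikev1
    leftsubnet=192.168.100.0/24

# Linux workstation: IKEv2, selected by the responder identity it proposes.
# Each leftid used here must be present as a subjectAltName in the
# gateway certificate.
conn workstation
    keyexchange=ikev2
    leftid=ws.vpn.example.org
    leftsubnet=192.168.100.0/24,10.10.0.0/24

# Linux laptop: IKEv2 with a different leftid. The gateway offers
# 0.0.0.0/0 and the client may narrow it to what it wants tunneled.
conn laptop
    keyexchange=ikev2
    leftid=laptop.vpn.example.org
    leftsubnet=0.0.0.0/0
```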
