-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Aleksey
You need to define every net-to-net tunnel manually in ipsec.conf or swanctl.conf. The tunneled subnets for every spoke configuration on the hub would be leftsubnet=allOtherSpokeNetworks rightsubnet=SpokeNetwork On the spokes, the declaration would be the reverse of that. You can only use a host that is reachable on layer two as router for another host. So you cannot do that. You can, however, set the dscp value in the IP packets you want to be routed by the hub, for example, and use policy based routing on the hub to handle them in a special way. Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 28.03.2015 um 16:12 schrieb unite: > Hi guys! > > Is there a way to configure strongswan in a site-to-site hub-and-spoke > topology, so for me to have for example strongswan hub in central office and > having multiple spokes whose traffic between each other should be routed > through the central office? I haven't found a guide on the net, so it would > be very helpful for me if you can point me to the one, or just explain how > can I configure my tunnels in such a way. > > Also, I guess pretty similar question, can I configure clients in spoke's > network to use central office as a default gateway, so their traffic should > be routed encrypted to the central office, then decrypted and sent to the > receiver? > > Thnaks in advance. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVFxlwAAoJEDg5KY9j7GZYkjkQAIUuKF3re3g/hNjDaTvJ4kWs a72D4nJzFRKx+mkCIbSmZIgLD7SPYisX3Qrez5GQLuUp6kyR/+GyE71aUZmIG6zz vtlu2h3Ns6C7Ru6l+G/NOlJDVpJr4hp1p5QMr1aJpzkB0Ecb5T+uNaJiZNZ0BhXn bnKiYt+8dDVmcIeF6h313LIKrwFVFGlO7RasKNDKlzDBs66MB4fhCk3ZkgPQk8IE u0XWrBNfXBiiXk5DvND5gLzjWlPOZHDWYbffrV2STPxrjvcyGIaGd611D4u68jaq tS/L6nFo5qWL5nyEHb4iA2nCdJFLYLqQk94TEIJVhSNfjJU9lexpmRvjl9v2dd8+ J0E78ZLcm0kVkfcpKR0T7O099WRGCOGYMwUK8Sq9cFUConhFzMWAOgJrP/lo9sx8 LOstUcStDHIycJHbsqhHyNuZrCr/aDLJe3Ua7pkvYnObFopPUMPdmq8ScPDOGKO8 HQNf1pBX3zisU0UzPHMSqp7YUiqm39qwHOfU9O9C5pB6HPDnearzhZQxLy/wHA4S KC2etzL2dYtmUiGlqgVFNXFgWFxiTcGGTM/zLfJcuc1fovyqPQvZJsx6VCGMu6zx 32hWDkLnG8mgKaqpMPWQ9wZPAmkeKL1yLEAlx2mPfFOIDiym0pivHrYpQ0Wt+bFU 0DlJqnFIfStXutevJOGr =Eh3R -----END PGP SIGNATURE----- _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users