Hi Maybe the attached ipsec.conf files for Hub and spokes (2 spokes) would be useful. It worked for me nicely in my setup which is also attached
PS: The attachment is a rar file (zipped using winrar) thanks & regards rajiv On Sun, Mar 29, 2015 at 2:43 AM, Noel Kuntze <n...@familie-kuntze.de> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hello Aleksey > > You need to define every net-to-net tunnel manually in ipsec.conf or > swanctl.conf. > The tunneled subnets for every spoke configuration on the hub would be > leftsubnet=allOtherSpokeNetworks > rightsubnet=SpokeNetwork > > On the spokes, the declaration would be the reverse of that. > > You can only use a host that is reachable on layer two as router for > another host. > So you cannot do that. You can, however, set the dscp value in the IP > packets you want to be routed by the hub, for example, and use policy > based routing on the hub to handle them in a special way. > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > Am 28.03.2015 um 16:12 schrieb unite: > > Hi guys! > > > > Is there a way to configure strongswan in a site-to-site hub-and-spoke > topology, so for me to have for example strongswan hub in central office > and having multiple spokes whose traffic between each other should be > routed through the central office? I haven't found a guide on the net, so > it would be very helpful for me if you can point me to the one, or just > explain how can I configure my tunnels in such a way. > > > > Also, I guess pretty similar question, can I configure clients in > spoke's network to use central office as a default gateway, so their > traffic should be routed encrypted to the central office, then decrypted > and sent to the receiver? > > > > Thnaks in advance. > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJVFxlwAAoJEDg5KY9j7GZYkjkQAIUuKF3re3g/hNjDaTvJ4kWs > a72D4nJzFRKx+mkCIbSmZIgLD7SPYisX3Qrez5GQLuUp6kyR/+GyE71aUZmIG6zz > vtlu2h3Ns6C7Ru6l+G/NOlJDVpJr4hp1p5QMr1aJpzkB0Ecb5T+uNaJiZNZ0BhXn > bnKiYt+8dDVmcIeF6h313LIKrwFVFGlO7RasKNDKlzDBs66MB4fhCk3ZkgPQk8IE > u0XWrBNfXBiiXk5DvND5gLzjWlPOZHDWYbffrV2STPxrjvcyGIaGd611D4u68jaq > tS/L6nFo5qWL5nyEHb4iA2nCdJFLYLqQk94TEIJVhSNfjJU9lexpmRvjl9v2dd8+ > J0E78ZLcm0kVkfcpKR0T7O099WRGCOGYMwUK8Sq9cFUConhFzMWAOgJrP/lo9sx8 > LOstUcStDHIycJHbsqhHyNuZrCr/aDLJe3Ua7pkvYnObFopPUMPdmq8ScPDOGKO8 > HQNf1pBX3zisU0UzPHMSqp7YUiqm39qwHOfU9O9C5pB6HPDnearzhZQxLy/wHA4S > KC2etzL2dYtmUiGlqgVFNXFgWFxiTcGGTM/zLfJcuc1fovyqPQvZJsx6VCGMu6zx > 32hWDkLnG8mgKaqpMPWQ9wZPAmkeKL1yLEAlx2mPfFOIDiym0pivHrYpQ0Wt+bFU > 0DlJqnFIfStXutevJOGr > =Eh3R > -----END PGP SIGNATURE----- > > > _______________________________________________ > Users mailing list > Users@lists.strongswan.org > https://lists.strongswan.org/mailman/listinfo/users
strongswan-ipsec-hub-spoke-configs.rar
Description: application/rar
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users