Re: [strongSwan] How to tunnel traffic towards the public IP of the remote gateway?

Tiago Vasconcelos Thu, 16 Apr 2015 13:44:36 -0700

Thanks a lot for your prompt response!
Does %dynamic work in net2net? Or only in road-warrior scenarios?


Tiago


On 16-04-2015 17:14, Noel Kuntze wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

Yes, use %dynamic in rightsubnet as follows: rightsubnet=foo,bar,%dynamic

If you use use IKEv1, you need to define several SAs for each combination of 
subnets.
For IKEv2, the mentioned combination would be just fine.

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 16.04.2015 um 18:09 schrieb Tiago Vasconcelos:

My understanding is that only traffic towards the subnets declared in:

     rightsubnet

is tunnelled and, therefore, encrypted. Whereas traffic towards the IP address 
of the remote gateway declared in:

     right

is routed outside of the tunnel.


Example:

     Gateway Sun address (WAN-facing): 120.121.122.123  (fictitious)
     Subnet behind Sun eth1 (LAN-facing): 192.168.90.0/24 
<http://192.168.90.0/24>

     Traffic traffic with a destination IP of 192.168.90.1 is tunnelled.
     But SMTP traffic with a destination IP of 120.121.122.123 is not tunnelled.

In the Cisco world it's apparently possible to tunnel non-IPsec traffic towards 
the remote gateway public IP address.
Can strongSwan do this as well?



Tiago


_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users



_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] How to tunnel traffic towards the public IP of the remote gateway?

Reply via email to