You can use a firewall rule rather than narrowing your tunnel for this scenario. But users can change their IP addresses manually to bypass your restriction if you didn't bind their MAC addresses/ports to their IP addresses.
On Thu, Feb 25, 2016 at 12:03 PM, Tony.He 賀雙鳳 <[email protected]> wrote:

> Hi,
>
> Here is the topology.
>
> local subnet 192.168.1.0/24 -GW A ---Internet----GW B – local subnet 192.168.2.0/24.
>
> I want to only allow hosts whose IP addresses in a range to be part
> of the tunnel. For example, 192.168.1.2-192.168.1.8 are allowed
> in site A and 192.168.2.3-192.168.2.11 are allowed in site B. Can
> anyone tell me how to configure? Thanks in advance.
>
> Best regards
>
> Tony
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
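One way to write the firewall rule suggested in the reply, as an added example that is not part of the original thread: a shell helper for gateway A that prints iptables rules admitting only the allowed host ranges to IPsec-protected forwarding and dropping all other traffic between the two subnets. It assumes a Linux gateway with iptables and its `iprange` and `policy` match modules; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; addresses are those from the thread.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    local IFS=. o
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Accept "start-end" only if both ends are valid addresses and start <= end.
check_range() {
    local lo hi
    case "$1" in *-*) ;; *) return 1 ;; esac
    lo=$(ip_to_int "${1%-*}") || return 1
    hi=$(ip_to_int "${1#*-}") || return 1
    [ "$lo" -le "$hi" ]
}

# Print FORWARD rules: local subnet, allowed local range, remote subnet, allowed remote range.
tunnel_rules() {
    local lnet="$1" lrange="$2" rnet="$3" rrange="$4"
    check_range "$lrange" && check_range "$rrange" || {
        echo "invalid address range" >&2
        return 1
    }
    cat <<EOF
iptables -A FORWARD -s $lnet -d $rnet -m iprange --src-range $lrange --dst-range $rrange -m policy --dir out --pol ipsec -j ACCEPT
iptables -A FORWARD -s $rnet -d $lnet -m iprange --src-range $rrange --dst-range $lrange -m policy --dir in --pol ipsec -j ACCEPT
iptables -A FORWARD -s $lnet -d $rnet -j DROP
iptables -A FORWARD -s $rnet -d $lnet -j DROP
EOF
}

# Site A from the thread; review the output before running it as root.
tunnel_rules 192.168.1.0/24 192.168.1.2-192.168.1.8 \
             192.168.2.0/24 192.168.2.3-192.168.2.11
```

On gateway B, call `tunnel_rules` with the site B subnet and range first. The rules are appended, so they must come before any broader ACCEPT rule already in the FORWARD chain.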
