Hi Tony,

On 02/25/2016 05:03 AM, Tony.He 賀雙鳳 wrote:
> Hi,
>
> Here is the topology.
> local subnet 192.168.1.0/24 -GW A ---Internet----GW B – local subnet
> 192.168.2.0/24.
> I want to only allow hosts whose IP addresses are in a range to be part of
> the tunnel. For example, 192.168.1.2-192.168.1.8 are allowed
> in site A and 192.168.2.3-192.168.2.11 are allowed in site B. Can
> anyone tell me how to configure? Thanks in advance.
>
> Best regards
> Tony

Try playing around with prips [1]; this could help you divide your
ranges into subnets/hosts. They can be configured as a list of subnets in.
As for site A you would use
'leftsubnet=192.168.2.3,192.168.2.4/30,192.168.2.8/30'
likewise for site B:
'rightsubnet=192.168.1.2/31,192.168.1.4/30,192.168.1.8'

That's definitely not a very convenient way. The alternative, using firewall
rules, might come in more handy.

Cheers,
Thomas

[1] http://manpages.ubuntu.com/manpages/raring/man1/prips.1.html
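
The range-to-subnet split discussed in the message above, as an added example that is not part of the original e-mail or of strongSwan: it derives the minimal CIDR list for an address range with Python's standard `ipaddress` module and checks that a subnet list selects exactly the intended hosts. The function names are hypothetical, and the two ranges are the ones from the question.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks covering first..last inclusive and nothing else."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version:
        raise ValueError("range endpoints must be the same IP version")
    if lo > hi:
        raise ValueError(f"empty range: {first} > {last}")
    return list(ipaddress.summarize_address_range(lo, hi))

def subnet_list(range_text):
    """Turn 'a.b.c.d-a.b.c.e' into a comma-separated subnet list.
    Single hosts are written without a /32 suffix, as in the reply above."""
    first, last = (part.strip() for part in range_text.split("-", 1))
    return ",".join(
        str(net.network_address) if net.num_addresses == 1 else str(net)
        for net in range_to_cidrs(first, last)
    )

def covered_hosts(subnets):
    """Expand a subnet list to the set of addresses it selects.
    strict=True rejects misaligned entries such as 192.168.1.2/30."""
    hosts = set()
    for item in subnets.split(","):
        hosts.update(ipaddress.ip_network(item.strip(), strict=True))
    return hosts

def check_exact(range_text, subnets):
    """Return (extra, missing): addresses selected outside the range,
    and addresses of the range that the list does not select."""
    first, last = (ipaddress.ip_address(p.strip()) for p in range_text.split("-", 1))
    wanted = {type(first)(i) for i in range(int(first), int(last) + 1)}
    got = covered_hosts(subnets)
    return sorted(got - wanted), sorted(wanted - got)

if __name__ == "__main__":
    # Ranges taken from the question; everything else is computed.
    for rng in ("192.168.1.2-192.168.1.8", "192.168.2.3-192.168.2.11"):
        cidrs = subnet_list(rng)
        extra, missing = check_exact(rng, cidrs)
        print(f"{rng:26} -> {cidrs}  extra={extra} missing={missing}")
```

Running `check_exact` against a hand-written list before deploying it shows whether a rounded-up prefix would let additional hosts into the tunnel.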
