Hi Martin,

> Should I document this setup somewhere on the Wiki?

I've added some documentation [1]. As mentioned there, the hub-and-spoke setup is also demonstrated in an example scenario [2]. Even though its configuration is based on swanctl.conf, the concept is the same when setting it up via ipsec.conf.

> Out of curiosity, how would you configure the server and client if I
> would like to add vpn-third subnet with 192.168.3.0?

You'd just add that subnet to the list of remote traffic selectors on the clients and as local traffic selector on the server and the client that's actually connected to that subnet (basically just an extension of the config you have now).

You could even simplify the configuration so that clients don't have to know all the subnets by configuring `rightsubnet=0.0.0.0/0`. Then the server is free to narrow that down to the list of subnets it has configured in `leftsubnet` (this won't work well if you want to use `auto=route` on the clients, though).

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/SubnetsBehindMoreThanTwoGateways
[2] https://www.strongswan.org/testing/testresults/swanctl/net2net-gw/
