[strongSwan] Strongswan site2site tunnel

[Filip Maroul]

Hello users of strongswan,
I am new to strangswan. I prepare some config files for both sites but I 
am confused with ip address on externel site. I have only one public IP 
on the othere site is no public IP it is possible to make tunnel work ?
I attach configuration files for both site. Where I am not sure with IP 
I add ???.

First site is name neptune.filip.local
Second site name is pluto.it.local

On both sites I have in /etc/ipsec.secrets prshared key

Thank you for any help. When I tune up config files I will move to 
iptables rules :-)

--
S pozdravem
Filip Maroul
fi...@filipnet.cz

config setup
        charondebug="ike 2, knl 2, cfg 2, mgr 2"

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=3
        authby=secret
        keyexchange=ikev2
        mobike=no
        type=tunnel
        esp=aes256-sha512-ecp521!
        ike=aes256-sha512-ecp521!

conn net-net
        left=193.155.68.xxx /public IP site
        leftsubnet=192.168.0.0/24
        leftid=@neptun.filip.local
        leftfirewall=yes
        right=192.168.5.250 ??? / site without public IP
        rightsubnet=192.168.3.0/26
        rightid=@pluto.it.local
        auto=start

neptun.filip.local @pluto.it.local : PSK 
S8MdL1u6V730X+lQ1JszmPyDgLFiXOnoHK1nx+i4Ot87MdQDCPDEvwfrzhwMDZszqnVxfiVkSNk8SeqHEeFK6zvXGenN5A+Dwcmy/hjWN8/yWNYY6GFGFN+/TY7x7t5adW0PAG0mOmm+WWUjV1fQX7ECenIkpExw6lK4ViXMUhHSYFhpsuMZ7bpfR5hTBAwB1orP2Z0td3AnV35qt9doGRfgPA7Ncf+4PmRLi30K47KKdyHPn1nNlGc5RPm31xItIGXyp9yaByMgZi5WpHmJ1lktRfwnFxD/V1v6qMXb14S5upvw3qBggTAjnkjJN12VETn3ecJQyhpsKY+Ljo+bK3GjDoYxKLNRfK0MZL5kbaWuZ1BRShrw2af2sMUgpngfgYZFaCmnDbSBNV3d54R0fgQ+S269DLtes9005aL4qeNyVMz6iDPInVjR060UfzgWDNgvfM0LchTHlI0nHWntK6rXyvx0j+jC6MiwSZ1oOW5kzlpWIkLp/gPk2pxwknMVzlu6xk2zLDTuI+1jnj+M2Xg7kK52ftXnwBDdv8zShAn7KDt6I0X14GmeE32QEXKIRvdI+GFIJblzZ1Nka2teqQNpCc+IT55GIlq4Zb2rQIHjGavgglTCARMqbUBgifzNohDzPnBU7tkMn6zZdjXMwWNvbIh0plxERm4+1BjEqxAPKoc42/rehGRAybdGmkGsPDO9VMES/IvevSrHqEBq9psgvSwBfVT5Oc2CUHuHEPCagwwE/Hg0FeqeKtfZkw7qEaPstngipkE1JC1io1K9WoaAxKBwxNZBxPfzMAKDD/FacGGcb0ZmvjrVFnbI7Jy5CgHGPrCSx3aTKGhw8Gsuyv6hj7IeOnMhZ1SKJXs43uDgIwWDerp56Efkrph3ap0WcsIoMPZSu2gXliF4npzZBc1jrAfPX+/iLmcCIH8291XQq302AdH2ru/CwUTr52nBF27dMcbDlBQobK0valYo/j4uXWakKhOcwVr6d9MydzZnfSiflZ1X8nrV8eBNpAKm

config setup
        charondebug="ike 2, knl 2, cfg 2, mgr 2"

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=3
        authby=secret
        keyexchange=ikev2
        mobike=no
        type=tunnel
        esp=aes256-sha512-ecp521!
        ike=aes256-sha512-ecp521!

conn net-net
        left=192.168.5.250 / ip address of server where is no public ip
        leftsubnet=192.168.3.0/26
        leftid=@pluto.it.local
        leftfirewall=yes
        right=93.155.68.xxx / My public IP
        rightsubnet=192.168.0.0/24
        rightid=@neptun.filip.local
        auto=start

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users