Hello Victor, Use a subnet wide transport mode config as shown on the UsableExamples page.
Kind regards Noel Am 20.01.20 um 17:30 schrieb Victor Sudakov: > Dear Colleagues, > > If I want to set up an IPSec transport mode connection between two > hosts, I describe the following connection, and it works: > > conn test-v6 > left=X:X:X:X::2 > right=Y:Y:Y:Y::10 > type=transport > authby=psk > auto=route > > However, the remote host uses several IP addresses from the Y:Y:Y:Y::/64 > network, not just Y:Y:Y:Y::10. There is the static address, a SLAAC > address, an RFC4941 outgoing address, may be more... > > 1. How do I configure Strongswan so that the remote side can be any address > from the Y:Y:Y:Y::/64 network and the connection is still protected? > > 2. What if both the left and right hosts are like this? >
signature.asc
Description: OpenPGP digital signature
