Server Fault Asked by viraptor on January 12, 2021
Is there any way to configure strongswan to automatically start encryption to a given subnet rather than specific host? For example, if I know that my hosts at w.x.y.z/28 will be have the same PSK configured. I’d like to configure all of them in one go with:
conn protected
left=%any
right=%any
rightsubnet=w.x.y.z/28
auto=route
forceencaps=no
type=transport
mobike=no
authby=psk
or similar. I want to avoid specifying each one separately. I expected the trap on routes to do the required startup as needed. But strongswan refuses to work this way and claims that installing trap failed, remote address unknown.
Is this scenario possible in any way?
You must use Strongswan 5.3.3 or later.
See the test case trap-any in https://github.com/strongswan/strongswan/tree/master/testing/tests/ikev2/trap-any
See also Strongswan issues https://wiki.strongswan.org/issues/878 and https://wiki.strongswan.org/issues/196
Hope this helps
Answered by Ramón García on January 12, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP