
List:       strongswan-users
Subject:    Re: [strongSwan] multiple addresses for the left|right option
From:       Martin Willi <martin () strongswan ! org>
Date:       2015-02-27 9:24:01
Message-ID: 1425029041.3155.29.camel () martin

Hi,

> I am wondering how the specification of multiple addresses in the left|right option works.

> right=134.111.75.171,134.111.75.172

The right option can take multiple addresses, but only to match the
connection when responding to initiators. 

> For example, how many kernel policies I should have seen if I have the
> left with one single address and the right with two specific addresses

left/right does not directly specify the selectors/policies negotiated,
leftsubnet/rightsubnet does.

leftsubnet/rightsubnet default to %dynamic, which gets replaced
dynamically with the peer endpoints (or an assigned virtual IP). So the
selector does not get extended to what you configure in "right", but
what addresses are used for the IKE exchange (usually just one of them).

If you want to negotiate additional/different selectors, specify them in
leftsubnet/rightsubnet instead.

Regards
Martin
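
The distinction described in the message above, shown as an added ipsec.conf sketch that is not part of the original e-mail or of the strongSwan project's own examples. The conn names and the local address 192.0.2.1 are constructed placeholders; the two right addresses are the ones quoted in the question, and IKEv2 is assumed so that rightsubnet can list more than one subnet.

```conf
# Constructed example. 192.0.2.1 is a placeholder local address and
# the conn names are hypothetical.

# Case 1: two addresses in "right", no subnets configured.
# "right" only decides which incoming IKE peers match this conn.
# leftsubnet/rightsubnet default to %dynamic, so the negotiated
# selector covers only the endpoint address actually used for the
# IKE exchange (or an assigned virtual IP), not both "right" entries.
conn multi-right-default
    keyexchange=ikev2
    left=192.0.2.1
    right=134.111.75.171,134.111.75.172
    auto=add

# Case 2: same peer matching, but the selectors are stated explicitly.
# The proposed traffic selectors now come from leftsubnet/rightsubnet
# and include both remote hosts, whichever address carried IKE.
conn multi-right-explicit
    keyexchange=ikev2
    left=192.0.2.1
    right=134.111.75.171,134.111.75.172
    leftsubnet=192.0.2.1/32
    rightsubnet=134.111.75.171/32,134.111.75.172/32
    auto=add
```

On Linux, `ip xfrm policy` lists the kernel policies installed once a CHILD_SA is up, which lets you compare what was actually negotiated with what you intended to protect.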
