strongSwan

Attached is a PDF.

I need to "Many Moons" out in the field to connect back to a central "SUN".
The moons will have two NICs. One will connect to their existing network. Obtain an IP from their DHCP server.

This is the connection MOON will use to make an outbound connection back to SUN.
Moon most of the time will be behind a NAT firewall.

I don't want to make changes to the firewall. This is why I want Moon to make an "Outbound" connection back to SUN.

The second NIC on the Moon(s) will attach to a management switch.
This switch will have the server(s) I need to have access to back at my location with SUN.

On myside, SUN is behind a NAT firewall, but its mine. I can open what ports are needed with no problem.

On the MOON side / Concerns ---
I want make sure they can't just plug a station in to the management switch and get an IP.
With an IP they would be on the management network.

I am not sure how many IPs i need on a Moon location.
Or I dont know how many locations I am going to have in a few years.

I am not sure how strongSwan does stuff like IPs or allocations, etc.

Please review and point me in the right direction.

Thanks Matt