Feature #878
Support for remote ranges in transport mode
Description
I'd like to use strongswan in a scenario where remote end can be specified as a range in the transport mode/esp. The scenario is to allow transparent encryption to a range of hosts without configuring each pair separately. Traps should handle encryption to hosts which match the range and authenticate properly.
I believe there was a test done with a similar scenario before in the trap-any branch: http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/trap-any
There was also a post about opennhrp with racoon/strongswan which enables a similar configuration as far as I understand: http://t57773.network-vpn-strongswan-development.networkforums.info/dynamic-multipoint-vpn-opennhrp-with-strongswan-t57773.html
It would be great if that feature was officially implemented.
Config expected to run such case:
conn %default
forceencaps=no
type=transport
mobike=no
authby=psk
keyexchange=ikev2
conn multiple-hosts
left=w.x.y.1
right=w.x.y.z/24
auto=route
Related issues
History
#1 Updated by Tobias Brunner almost 6 years ago
- Related to Feature #196: Add support for right=%any (for auto=route) added
#2 Updated by Tobias Brunner over 5 years ago
- Category set to libcharon
- Status changed from New to Closed
- Assignee set to Tobias Brunner
- Target version set to 5.3.3
- Resolution set to Fixed
See #196-6 for details.