Project

General

Profile

Feature #878

Support for remote ranges in transport mode

Added by Stan P over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Category:
libcharon
Target version:
Start date:
06.03.2015
Due date:
Estimated time:
Resolution:
Fixed

Description

I'd like to use strongswan in a scenario where remote end can be specified as a range in the transport mode/esp. The scenario is to allow transparent encryption to a range of hosts without configuring each pair separately. Traps should handle encryption to hosts which match the range and authenticate properly.

I believe there was a test done with a similar scenario before in the trap-any branch: http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/trap-any
There was also a post about opennhrp with racoon/strongswan which enables a similar configuration as far as I understand: http://t57773.network-vpn-strongswan-development.networkforums.info/dynamic-multipoint-vpn-opennhrp-with-strongswan-t57773.html

It would be great if that feature was officially implemented.

Config expected to run such case:

conn %default
forceencaps=no
type=transport
mobike=no
authby=psk
keyexchange=ikev2

conn multiple-hosts
left=w.x.y.1
right=w.x.y.z/24
auto=route


Related issues

Related to Feature #196: Add support for right=%any (for auto=route)Closed18.06.2012

History

#1 Updated by Tobias Brunner over 5 years ago

  • Related to Feature #196: Add support for right=%any (for auto=route) added

#2 Updated by Tobias Brunner about 5 years ago

  • Category set to libcharon
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.3.3
  • Resolution set to Fixed

See #196-6 for details.

Also available in: Atom PDF