Felipe Arturo Polanco
2018-06-13 20:27:16 UTC
Hi,
I would like to dynamically create connections to multiple IPSec peers
based on a child template.
One missing piece I still have is how to override the traffic selector of a
child connection declared in swanctl.conf.
My child connection has this:
remote_ts = dynamic[udp/4789],dynamic[icmp]
I would like to override this local_ts whenever I run:
swanctl --initiate --child myipsec1 --source <local_ip> --remote <peer_ip>
I would like to add a specific subnet that is accessible through my peer,
the equivalent ts would be like this:
remote_ts = dynamic[udp/4789],dynamic[icmp],172.16.35.0/24
I do have dozens of peers and each has a specific subnet behind them.
Is there any way of specifying/modifying the traffic selector of a
connection child to achieve this?
Thanks,