
This is my first VPN, for testing.

This is my simple network scheme:

LAN1(private 10.10.0.0/24) --->VPN-----internet---<VPN---<LAN2(private 10.20.0.0/24)

In /etc/ipsec.conf I use:

...
        left=ippublicserver1
        leftid=fqdnserverA
        leftsubnet=10.10.0.0/24
        right=ippublicserver2
        rightsubnet=10.20.0.0/24
....

My question is really simple: on server B do I have to use

  1. An IDENTICAL ipsec.conf

  2. A different ipsec.conf where rightsubnet becomes leftsubnet?

I think B is correct?

Hauke Laging
elbarna

2 Answers


Correct: a different ipsec.conf where rightsubnet becomes leftsubnet.

The leftsubnet statement always refers to the server on which you write the config, i.e. your own LAN.

In this example:

On the LAN1 gateway, leftsubnet is 10.10.0.0/24 and rightsubnet is 10.20.0.0/24.

On the LAN2 gateway, leftsubnet is 10.20.0.0/24 and rightsubnet is 10.10.0.0/24.

CorTheZ
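The mirrored pair of conn sections this answer describes, written out as an added example (not taken from the original post or from the strongSwan project). The public-address placeholders and fqdnserverA come from the question; the connection name lan1-lan2, the identity fqdnserverB for server B, the IKEv2/PSK settings and the PSK itself are assumptions made here. Only the left/right lines differ between the two files.

```ini
# /etc/ipsec.conf on the LAN1 gateway (server A)
conn lan1-lan2
        keyexchange=ikev2
        authby=secret
        auto=start
        left=ippublicserver1
        leftid=fqdnserverA
        leftsubnet=10.10.0.0/24
        right=ippublicserver2
        rightid=fqdnserverB
        rightsubnet=10.20.0.0/24

# /etc/ipsec.conf on the LAN2 gateway (server B): left and right swapped
conn lan1-lan2
        keyexchange=ikev2
        authby=secret
        auto=start
        left=ippublicserver2
        leftid=fqdnserverB
        leftsubnet=10.20.0.0/24
        right=ippublicserver1
        rightid=fqdnserverA
        rightsubnet=10.10.0.0/24

# /etc/ipsec.secrets on both gateways; the selectors are the two IDs above
# and the PSK value is a constructed placeholder, replace it with a long random secret
fqdnserverA fqdnserverB : PSK "replace-with-a-long-random-secret"
```

Whichever gateway you are on, "left" is the box you are editing and "leftsubnet" is the LAN behind it; the subnet pairs in the two files must be exact mirror images, otherwise the traffic selectors will not match during IKE negotiation and the tunnel is established without passing the LAN traffic you expect.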

You can use the SAME ipsec.conf on both servers. Quoting from https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection (my emphasis),

Connection descriptions are defined in terms of a left endpoint and a right endpoint. [...] For every connection description an attempt is made to figure out whether the local endpoint should act as the left or the right endpoint. This is done by matching the IP addresses defined for both endpoints with the IP addresses assigned to local network interfaces [...]

What this means is that although there is a nominal convention that left = local, it doesn't actually matter.

Chris Davies
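The single shared file this answer describes, as an added example that is not part of the original post or of the strongSwan documentation: the same conn section is installed unchanged on both gateways and each daemon decides, by the rule quoted above, whether it is the left or the right endpoint. The placeholders are the question's; the connection name, fqdnserverB, the IKEv2/PSK settings and the PSK are assumptions.

```ini
# Identical /etc/ipsec.conf on both gateways.
# On server A, left=ippublicserver1 matches a local interface address, so A
# acts as "left"; on server B, right=ippublicserver2 matches, so B acts as
# "right". leftsubnet/rightsubnet are interpreted accordingly on each side.
conn lan1-lan2
        keyexchange=ikev2
        authby=secret
        auto=start
        left=ippublicserver1
        leftid=fqdnserverA
        leftsubnet=10.10.0.0/24
        right=ippublicserver2
        rightid=fqdnserverB
        rightsubnet=10.20.0.0/24

# Identical /etc/ipsec.secrets on both gateways (constructed placeholder PSK)
fqdnserverA fqdnserverB : PSK "replace-with-a-long-random-secret"
```

One caveat that follows from the quoted rule: the role is derived by matching left and right against addresses assigned to local interfaces. If the public address of a gateway is not configured on the gateway itself (for example it sits on a NAT device in front of it), neither endpoint matches and the shared file cannot be resolved that way; in that situation write the mirrored pair of files instead. After bringing the tunnel up with `ipsec up lan1-lan2`, `ipsec statusall` on each gateway shows which local address and identity the daemon actually selected, which is the quickest way to confirm the roles came out as intended.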