Core: ipsec Phase2 config, multiple left|rightsubnet

Created on 26 Jun 2020  路  5Comments  路  Source: opnsense/core

Hi Team,

Per https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection ipsec.conf left|rightsubnet supports comma separated list of subnets.
On opnsense UI "VPN: IPsec: Tunnel Settings" (Add new Phase2) Local Network Type can only be "Address/Network"

Describe the solution you'd like
Can there be a "Custom"/"Manual" option there so I can write comma separated list right there?

Describe alternatives you've considered
Don't see any alternatives for this other than creating one Phase2 entry per subnet which is not ideal for my use case.
I saw "Manual SPD entries" on the bottom that does not create the same as multiple subnets as the client is roadwarrior.

Additional context
NA

help wanted
Source
picture sooslaca

Most helpful comment

Currently not possible and hard to implement. You could add your custom conn via include file.

picture mimugmail on 26 Jun 2020
👍2

All 5 comments

Currently not possible and hard to implement. You could add your custom conn via include file.

mimugmail picture mimugmail on 26 Jun 2020
👍2

To implement multiple comma separated left subnet, you can add multiple phase 2 (same phase 2 proposal but different local network)

Be carefull that Microsoft Windows do not push automatically routes. You have to play with add-vpnconnectionroutes...

lastuptodate picture lastuptodate on 3 Jul 2020

I think that results two different conn sections as subconn like conn con6-003
Include file works well though, thanks for that @mimugmail

sooslaca picture sooslaca on 6 Jul 2020

I think that results two different conn sections as subconn like conn con6-003
Include file works well though, thanks for that @mimugmail

I have done that on my ipsec and I have only 1 "conn con1" with:
leftsubnet = 10.0.0.0/8,198.18.0.0/26,198.19.139.64/29

lastuptodate picture lastuptodate on 6 Jul 2020

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot picture OPNsense-bot on 6 Jan 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

StevenNexus picture StevenNexus  路  6Comments
nikaro picture nikaro  路  3Comments
TransLunarInjection picture TransLunarInjection  路  7Comments
xpac1985 picture xpac1985  路  5Comments
namezero111111 picture namezero111111  路  5Comments