[Swan] Possible to setup multiple connections, partly behind NAT?
Phil Nightowl
phil.nightowl at gmail.com
Sat Feb 10 00:35:39 EET 2024
> > Please forgive me, I still don't get it, To me, it seems that even if those
> > subnets are single IPs (/32), they're still ANY IPs.
>
> It might not really make sense, but it is how it works.
OK, I'll just take it as given.
> > option in the future to configure a different connection for the
> > roadwarriors. Which brings me back to the question of how to distinguish
> > between those connections?
>
> You can have multiple connections with right=%any and do matching on
> rightid= to select between them.
I am used to utilise X.509, so I have leftid=%fromcert everywhere. Does the
above mean that I should use something like
right=%any
rightid="CN=*.privlan,O=MyOrg,C=CA" ?
If so, to what extent are wildcards supported then (are they at all)? Could
I for instance write something like
rightid="CN=host[1-9].privlan,O=MyOrg,C=CA"?
Thanks!
Phil
More information about the Swan
mailing list