<div dir="ltr">I don't see any loopback addresses listed in the "known interfaces":<div><br></div><div><div>8150 00[KNL] known interfaces and IP addresses:</div><div>8151 00[KNL] p2p1</div><div>8152 00[KNL] 169.x.x.x</div><div>8153 00[KNL] fe80:::4ae5</div></div><div><br></div><div>where p2p1 interface has an internal 169 IP, not the one I want to listen on. The IP I want to listen on is actually on the lo interface:</div><div><br></div><div><div>ip -d addr show lo | grep 104.100.x.x</div><div> inet 104.100.x.x/32 scope global lo</div></div><div><br></div><div>Not that it should matter, but all this is being done inside a ip/mininet network namespace.</div><div><br></div><div>Thanks.</div><div>Piyush</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 1, 2017 at 4:13 PM, Piyush Agarwal <span dir="ltr"><<a href="mailto:agarwalpiyush@gmail.com" target="_blank">agarwalpiyush@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div>I am using strongswan 5.1.2 on Ubuntu 14.04 and I need to specify the IP address on which to listen on. I found some ipsec.conf manpages (<a href="https://linux.die.net/man/5/ipsec.conf" target="_blank">https://linux.die.net/man/5/<wbr>ipsec.conf</a>) which suggest a config item "listen", but strongswan 5.1.2 at least doesn't seem to have this option.</div><div><br></div><div>Is there not a way to specify the listen IP address? In my case, this IP address is actually on the loopback interface. As long as I can specify the listen interface, I should be fine.</div><div><br></div><div><div>config setup</div><div><b> listen=10.100.0.5</b></div><div><br></div><div>conn %default</div><div> ikelifetime=60m</div><div> keylife=20m</div><div> rekeymargin=3m</div><div> keyingtries=1</div><div> keyexchange=ikev2</div><div> authby=rsasig</div><div><br></div><div>conn 10.10.10.8</div><div> type=transport</div><div> left=10.100.0.5</div><div> leftcert=left.cert</div><div> leftsendcert=always</div><div> rightcert=right.cert</div><div> right=10.10.10.8</div><div> auto=start</div><div><div><br></div><div><b>/etc/ipsec.conf:7: unknown keyword 'listen' [10.100.0.5]</b></div><div><b>unable to start strongSwan -- fatal errors in config</b></div></div><span class="HOEnZb"><font color="#888888"><div><br></div><div><br></div>-- <br><div class="m_-9102770207496988716gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><span style="font-size:12.8px">Piyush Agarwal</span><br></div><div><span style="color:rgb(17,17,17)"><font face="arial, helvetica, sans-serif" size="2">Life can only be understood backwards; but it must be lived forwards.</font></span><br></div><div><span style="color:rgb(17,17,17)"><font face="arial, helvetica, sans-serif" size="2"><br></font></span></div></div></div></div></div></div></div></div></div></div></div></div></div>
</font></span></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><span style="font-size:12.8px">Piyush Agarwal</span><br></div><div><span style="color:rgb(17,17,17)"><font face="arial, helvetica, sans-serif" size="2">Life can only be understood backwards; but it must be lived forwards.</font></span><br></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>