[strongSwan-dev] Load-tester issue
Tobias Brunner
tobias at strongswan.org
Thu Feb 12 09:38:00 CET 2015
Hi Meenakshi,
> request_virtual_ip = yes
> ...
> initiator_ts = 10.10.3.1/24
If you use `request_virtual_ip = yes` you don't have to specify the
initiator's traffic selector (`initiator_ts` is actually not a valid
option, the initiator's local TS would be set in `initiator_tsi`).
But to replace the default route and not only tunnel traffic to your
responder (i.e. 10.101.248.152/32) you'll have to specify `initiator_tsr
= 0.0.0.0/0`, otherwise the responder, even when configured with
`leftsubnet = 0.0.0.0/0`, will narrow the remote TS to the single IP
address proposed by the client.
> Also I see that my ipsec statusall shows everything to be /32 but i
> have configured on the server for it to be /24.
The option `rightsourceip=10.10.3.0/24` specifies an IP address pool for
virtual IP addresses assigned to clients, not a traffic selector. In
your case the address 10.10.3.1/32 is assigned to the client via
configuration payloads.
Regards,
Tobias
More information about the Dev
mailing list