[strongSwan] ikev2 - configuration payload in spite of explicit virtual IP address
Martin Willi
martin at strongswan.org
Tue Nov 2 13:50:42 CET 2010
> The initiator stills send the configuration payload
> > charon: 05[CFG] received stroke: add connection 'net-net'
> > charon: 05[CFG] conn net-net
> > charon: 05[CFG] left=192.168.20.51
> > charon: 05[CFG] leftsubnet=(null)
> > charon: 05[CFG] leftsourceip=192.168.10.20
> > charon: 05[CFG] leftauth=psk
According to your log, starter still loads the config with the
leftsourceip specified. Double check that the configuration is updated
and starter reload (ipsec restart).
> What you you mean exactly by "Also, the IP address is not installed by
> the daemon."
The configuration payload mechanism used by leftsourceip requests an IP
address from the gateway, optionally requesting a specific one. If the
gateway accepts such a request, it responds with an IP address the
client can use. The daemon automatically installs the address to the
system.
If you do not want to use the configuration payload exchange mechanism,
you'll have to manually install this IP address on your system (i.e. ip
address add 192.168.10.20 dev ethx). The daemon does not know it and is
unable to do this for you.
Regards
Martin
More information about the Users
mailing list