[strongSwan] ikev2 - configuration payload in spite of explicit virtual IP address
Groebl, Laurence (Laurence)
laurence.groebl at alcatel-lucent.com
Thu Nov 4 09:58:19 CET 2010
Hello Martin,
it's working (ipsec restart), thank you very much.
Best regards,
Laurence
> -----Original Message-----
> From: Martin Willi [mailto:martin at strongswan.org]
> Sent: Dienstag, 2. November 2010 13:51
> To: Groebl, Laurence (Laurence)
> Cc: users at lists.strongswan.org
> Subject: RE: [strongSwan] ikev2 - configuration payload in
> spite of explicit virtual IP address
>
>
>
> > The initiator stills send the configuration payload
>
> > > charon: 05[CFG] received stroke: add connection 'net-net'
> > > charon: 05[CFG] conn net-net
> > > charon: 05[CFG] left=192.168.20.51
> > > charon: 05[CFG] leftsubnet=(null)
> > > charon: 05[CFG] leftsourceip=192.168.10.20
> > > charon: 05[CFG] leftauth=psk
>
> According to your log, starter still loads the config with
> the leftsourceip specified. Double check that the
> configuration is updated and starter reload (ipsec restart).
>
> > What you you mean exactly by "Also, the IP address is not
> installed by
> > the daemon."
>
> The configuration payload mechanism used by leftsourceip
> requests an IP address from the gateway, optionally
> requesting a specific one. If the gateway accepts such a
> request, it responds with an IP address the client can use.
> The daemon automatically installs the address to the system.
>
> If you do not want to use the configuration payload exchange
> mechanism, you'll have to manually install this IP address on
> your system (i.e. ip address add 192.168.10.20 dev ethx). The
> daemon does not know it and is unable to do this for you.
>
> Regards
> Martin
>
>
>
More information about the Users
mailing list