[strongSwan] Telnet over a tunnel using Local IP (rather than Public IP)

Thomas Egerer thomas.egerer at secunet.com
Fri Dec 23 14:43:28 CET 2011

On 12/23/2011 11:17 AM, Anupam Malhotra wrote:
> Hi Thomas
> The IKE_SA-negotiation is not failing. The tunnel is coming up. Only issue
> is that the local IP is being seen at the remote end (rather than the public
> IP). 
Your output of 'ip x s s' tells me that your tunnel endpoint on the local side
of the box running strongswan is your *local* IP address.
> src <remote IP: xr.xr.xr.xr> dst <local IP:xl.xl.xl.xl>
> src <local IP: xl.xl.xl.xl> <remote IP: xr.xr.xr.xr>

This is only the case if your config tells strongswan to do so. If your
peer only accepts ESP packets from xp.xp.xp.xp then your tunnel-endpoint
(left in ipsec.conf) is supposed to say so. If that tunnel cannot be
created you should consult the log file. Your peer should have the
config modified appropriately.
Let us look at your ipsec.conf, maybe we can figure it out then.
Your peer is not strongswan, I assume?
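
Added example, not part of the original post and not strongSwan code: a check for the point made in the reply above. It parses `ip xfrm state` output and reports the SAs toward a peer whose local tunnel endpoint differs from the address that peer is expected to accept. The sample output, function names and all addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm state` output (key lines omitted); the
# addresses are private/documentation ranges, not values from the thread.
SAMPLE = """\
src 192.168.1.10 dst 203.0.113.5
\tproto esp spi 0xc1a2b3c4 reqid 1 mode tunnel
\treplay-window 32 flag af-unspec
src 203.0.113.5 dst 192.168.1.10
\tproto esp spi 0xc5d6e7f8 reqid 1 mode tunnel
\treplay-window 32 flag af-unspec
"""

SA_HEADER = re.compile(r"^src (\S+) dst (\S+)$")
SA_PROTO = re.compile(r"^\s+proto (\S+) spi (0x[0-9a-fA-F]+) .*\bmode (\S+)")


def parse_xfrm_state(text):
    """Return one dict per SA with src, dst, proto, spi and mode."""
    sas = []
    for line in text.splitlines():
        header = SA_HEADER.match(line)
        if header:
            sas.append({"src": header.group(1), "dst": header.group(2)})
            continue
        proto = SA_PROTO.match(line)
        if proto and sas:
            sas[-1].update(proto=proto.group(1), spi=proto.group(2), mode=proto.group(3))
    return sas


def check_endpoints(sas, peer, expected_local):
    """List SAs to or from `peer` whose local endpoint is not `expected_local`."""
    findings = []
    for sa in sas:
        if peer not in (sa["src"], sa["dst"]):
            continue  # SA belongs to a different tunnel
        direction = "out" if sa["dst"] == peer else "in"
        local = sa["src"] if direction == "out" else sa["dst"]
        if local != expected_local:
            private = ipaddress.ip_address(local).is_private
            findings.append((direction, sa.get("spi"), local, private))
    return findings


if __name__ == "__main__":
    for finding in check_endpoints(parse_xfrm_state(SAMPLE), "203.0.113.5", "198.51.100.7"):
        print("%s SA %s: local endpoint %s (private=%s)" % finding)
```

On a live gateway, pass the real output of `ip xfrm state` (run as root) to `parse_xfrm_state` in place of the constructed sample.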


