[strongSwan] Manual 'ip addr add' required on debian?

Justin Cinkelj justin.cinkelj at xlab.si
Fri Feb 24 19:04:33 CET 2012


I have a problem setting up a host-host connection between two Debian 
virtual machines.
Debian version 6.0, strongswan 4.4.1-5.1.

VM2 has IP 10.1.0.2/24, and should get additional IP 10.32.1.2/32.
VM3 has IP 10.1.0.3/24, and should get additional IP 10.32.1.3/32.

Trial 1:
VM2: ipsec stop
VM3: ipsec stop
No VM has 10.32.1.x IP at that point
#
VM2: ipsec start
VM3: ipsec start
VM2 has 10.32.1.2/32, VM3 has 10.32.1.3/32, and they can ping each other.
#
VM2: ipsec stop
VM2: ipsec start
VM2 has 10.32.1.2/32, but VM3 does not have 10.32.1.3/32.
#
VM3: ipsec stop
VM3: ipsec start
Now VM2 doesn't have 10.32.1.2/32, and VM3 has 10.32.1.3/32
At that time, in VM3 log:
no local address found in traffic selector 10.32.1.2/32

So, if I do 'ipsec restart' on either VM, a working connection is 
broken, as the opposite VM doesn't have a matching IP.
Same happens at VM reboot.

It helps to do "ip addr add dev eth0 10.32.1.x" on both VMs. "ipsec 
stop" then does not remove the IP, so the connection works.
Is this normal behavior, or some misconfiguration of my setup?

Thanks for clarification,
Justin




