[strongSwan] Dynamic IP to VPS site-to-site

Noel Kuntze noel at familie-kuntze.de
Thu Dec 25 20:38:05 CET 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Zesen,

The mail server of my provider does not accept your email address for some reason.
I can not send anything to you directly.

The issue with the kernel choosing ::1 as IP to send the packets from is a problem with the IPv6 routing
of strongSwan. The routes it installs are in table 220. I could reproduce the problem and also found other problems with IPv6 routing.
I will investigate this further until I can pinpoint what is wrong with the routes there.


Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 24.12.2014 um 15:45 schrieb Zesen Qian:
> Noel Kuntze <noel at familie-kuntze.de> writes:
>
>> Hello Eric,
>>
>> See [1] for authentication using X509 certificates and site-to-site tunnels.
>>
>> [1] http://www.strongswan.org/uml/testresults/ikev2/net2net-cert/
>>
>> Mit freundlichen Grüßen/Regards,
>> Noel Kuntze
>>
>> GPG Key ID: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>
>> Am 24.12.2014 um 00:42 schrieb Eric Zhang:
>>> How can I use  RSA authentication with X.509 certificates to setup ip tunnel between my PPPoE to VPS (which has fix IP)?
>>>
>>> Thanks
>>>
>>> Eric
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
> Hello Noel,
>       I guess the question Eric want to ask is mainly about site-to-site
>       with "dynamic IP" on one side, while the other side has fixed IP.
>       I 'm also eager to know since it's my situation too. :) My IPv6
>       address is dynamic.
>       If I ommit the left= paramter, which defaults to %any, it
>       sometimes(and randomly) would use ::1 on local, which surely
>       won't success. Other times it would use the global address which
>       works just find.
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUnGedAAoJEDg5KY9j7GZYu3sP/RNJdlgfDfQC3ZGx4fwSWTcp
r+NPwawQfi/4wKsWiPBrnxMj6uXQlYlNkAtNELQ4lA2gRXLY0k9Y7AD4vMT50VCy
+ViTpstpJl2LyCTG8TXN1uniyaU5AW9LainS4lL6GiuHdwtclOwNsxHjp0TFQpYz
Q2YWMTiLIbqq+7jJX2MYs+m3hDDvYdOiXsNlI5ayVd/OLASKeQySFW1kVz+Jt8uM
XkFKSkMxjRzwM67dXz78WI55JQLo95/Y4BGOjY81+/l1L9qGih/cVPUPqfQLvNwQ
ezhJVQ9jAqwz0qsH9r/AdNlCGsGVNv7hKMp77ykKg/8aWqnQpV6RaYInRxAZkIOB
44iPYBXxmEtnIrrvUJmhn47UMUKPz/lcLte1KGuO4tfmfMJ6xxBJap2DG/t9x8eg
zdyu6kMNeDpkLZxeug0zbVzOyqS90EXVTTIatnt8hGJqywpLBu+1k0SNJ1KmKcTc
FAGYFcb6cbUGJG9MgyN1kYkfsEf1ZpaOUhdQiJd3s1dQv70PgEZvaKxm8LekR/fO
1YHbFg93dcCmGPWt7cX2FpIeWCERscheppbqxbXaVeuvh/PHsMkmHlnDG4zdYN31
B/t1k6QRnORALEHJgciaW8uKyY3lY3MUdvhKQLmudTG5T9hd9gOe/5NoKi6znklI
kTx846/9jF5Mn63FR6cx
=zeDn
-----END PGP SIGNATURE-----

More information about the Users mailing list