[strongSwan] Strongswan client config and network interface

Noel Kuntze noel at familie-kuntze.de
Mon Sep 29 22:11:33 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Justin,

StrongSwan uses policy based routing by default, not route based routing.
That means that there is no device to route traffic into. Instead, there
are policies (ip xfrm policy)  that decide where traffic gets routed to.

Also, please stop using ifconfig. It's horribly deprecated and unmaintained since 2006.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 29.09.2014 um 22:05 schrieb Justin Michael Schwartzbeck:
> Hello,
>
> I configured strongswan to act as an IKEv2 client as instructed in the documentation:
>
> https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2ClientConfig
>
> Now I am able to create a client configuration in ipsec.conf named "client" and successfully establish the client connection using the "ipsec up client" command. However, I noticed that if I do an ifconfig command there is no interface for this connection, for example, no 'tun0' interface and when I check the route info there is nothing there pertaining to my vpn connection. I can do an "ipsec status client" and ipsec tells me the connection is up. It seems like ipsec is establishing the connection and maintaining the connection state, but doesn't bring up an interface in linux or change any of the routing information. Can someone give me some insight on how to set up strongswan to act as a vpn client in this way, or at least show me how to use the client connection after it has been set up?
>
> Thanks,
> -Justin
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUKbz1AAoJEDg5KY9j7GZYt98P/1yWnknvSMN0zW1zFqB9eU6g
+rMCOOqBNNIiFIK/Yjn54vXNStobCQsASdqKz28cJsdgMz6lfkgw6eMC6GO9wOp8
eZkRbBw7NXOk2i2SvySjOw6YoyYooR9bZ422BmrVZN0IffZEInt4nEsQCzyYqNY/
/Fr+bBVKNbcwnQ/WVFAbm9VGykiz6+mozl8MWVN/Pc7fQZIoR20JjVNUW3Dal7EM
kvhuMCOiSuzdwgbMou+LmmFUkjV0lI3UZn5szuOGynNGJb5QRB+kWq1jQgDwBdME
cDBTsDkXtwlKWZhcC6JtveByr5fHxT6fby9T2VBHP8EGLYjO9YEzvJ149hfY+bzl
68FgFGhwyps1944mWoc3r1/8K2oxLIMQUA8KKiFeK6nuDd7i5SXJ4F0+j61hh7Co
iH3TSmoI02WN+lBoAI/wOI+NJqfy4PADqQb6lz0vG/OU5J4g5PL8+ZzIRYYK+Y53
XrLsOExdvnGLIFTfaCZ3Kb27xs7Y80VYOVXil0lxgX4AK8QWvOE/M0TXNSRCZXQl
cHIx3shsvc5m7qJI2Q/vzx3fXNIkymm5vCYs6lsWmgGEUHhEndhbwpbm7JEfNr1P
m0tQ8DeZVUyJZxmpLnU0gIExaryd2BJzW2C1Nk32U8cXLyHF/ZsN6CH3TpcSyCE5
XKmilrvTmxFqPvUYFYDo
=oeoV
-----END PGP SIGNATURE-----




More information about the Users mailing list