[strongSwan] Virtual IP on Linux for Services on same server?

lithium381 at juno.com lithium381 at juno.com
Thu Jul 9 08:17:11 CEST 2015

This is my first time running strongSwan, so please excuse any obvious oversights. My Linux experience is intermediate. My networking experience is advanced.

I'm running several services on a VPS which are currently accessible directly from the external IP address of the VPS and functioning fine. I want to protect those services and make them available ONLY to mobile clients connected via VPN. I'm able to connect to strongSwan from both my Mac and my Android and it assigns me a tunnel IP; I'm simply confused about how I can move the clients and my service to an interface "behind" the VPN connection but within the same server. (I've done LOTS of IPsec tunnels with Cisco and Juniper devices, both site-to-site and remote access; this is my first time on Linux.)

Do I need to create a logical interface in Linux, bind my services to listen there, and then set up iptables rules to explicitly allow that internal traffic while allowing only 500/4500 externally? Within strongSwan, then, advertise that logical interface as a /32 with 'leftsubnet'?

        left=               #external IP
        rightsourceip=   #assign to clients

I've attached a rudimentary diagram.  Here is the link if it doesn't come through properly:  http://tinypic.com/r/14sf8g8/8 
Thanks in advance for any insight.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Drawing2.jpg
Type: image/jpeg
Size: 210502 bytes
Desc: Drawing2.jpg
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150709/f821b606/attachment-0001.jpg>
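An added example of the layout the post asks about; this is not from the original message or from the strongSwan project. It assumes hypothetical values: public NIC eth0 with address 203.0.113.10, a dummy interface dummy0 carrying the service address 10.10.10.1/32, a client pool 10.10.10.0/24, a service on TCP 8080, a server certificate vpnCert.pem with identity vpn.example.com, and EAP-MSCHAPv2 client authentication. The script generates the ipsec.conf conn and an iptables-restore ruleset; it only touches the system when invoked with the argument `apply` as root.

```shell
#!/bin/sh
# Added example (not from the original post or the strongSwan project).
# Hypothetical values below; override via environment variables.
PUB_IF="${PUB_IF:-eth0}"
PUB_IP="${PUB_IP:-203.0.113.10}"
SVC_IF="${SVC_IF:-dummy0}"
SVC_IP="${SVC_IP:-10.10.10.1}"
POOL="${POOL:-10.10.10.0/24}"
SVC_PORT="${SVC_PORT:-8080}"

# ipsec.conf: the server advertises only the service host (/32) as leftsubnet,
# so clients route just that address into the tunnel; rightsourceip hands
# each client a virtual IP from the pool.
gen_ipsec_conf() {
    cat <<EOF
config setup
    charondebug="ike 1, cfg 1"

conn roadwarrior
    keyexchange=ikev2
    left=${PUB_IP}
    leftid=@vpn.example.com
    leftcert=vpnCert.pem
    leftauth=pubkey
    leftsubnet=${SVC_IP}/32
    right=%any
    rightauth=eap-mschapv2
    rightsourceip=${POOL}
    rightsendcert=never
    eap_identity=%identity
    auto=add
EOF
}

# iptables: IKE (500/4500) and ESP on the public NIC; the service port only for
# packets that were decrypted from an IPsec SA (-m policy); everything else dropped.
# Decrypted client packets are seen on the public NIC, not on dummy0, which is why
# the match is on the IPsec policy rather than on an input interface.
# NOTE: add your own management rule (e.g. SSH) before applying, or you lock yourself out.
gen_iptables_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${PUB_IF} -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -i ${PUB_IF} -p esp -j ACCEPT
-A INPUT -d ${SVC_IP} -p tcp --dport ${SVC_PORT} -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A INPUT -d ${SVC_IP} -j DROP
-A INPUT -p tcp --dport ${SVC_PORT} -j DROP
COMMIT
EOF
}

# Sanity check: no ACCEPT for the service port may exist without an IPsec policy match.
check_rules() {
    gen_iptables_rules | grep -- "--dport ${SVC_PORT} -j ACCEPT" | grep -qv -- "--pol ipsec" && return 1
    return 0
}

# Create the dummy interface, bind the service address to it, install config and rules.
apply_all() {
    ip link add "${SVC_IF}" type dummy 2>/dev/null || true
    ip addr replace "${SVC_IP}/32" dev "${SVC_IF}"
    ip link set "${SVC_IF}" up
    gen_ipsec_conf > /etc/ipsec.conf
    gen_iptables_rules | iptables-restore
    ipsec reload
}

if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```

Bind the services to 10.10.10.1 (the dummy interface address) rather than to 0.0.0.0 or the public IP, so they are unreachable from the Internet even if a firewall rule is later loosened; the `-m policy` rule is the second layer, since a packet addressed to 10.10.10.1 that did not come out of an IPsec SA is spoofed and must be dropped. Because the services are local to the VPS, no IP forwarding and no NAT are required for this layout.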

