[strongSwan] Problem connecting to a Cisco Unity gateway

Bas van Dijk v.dijk.bas at gmail.com
Fri Mar 20 17:50:29 CET 2015


I forgot to mention that I see the following in the log:

Mar 20 17:36:42 zeus charon[4136]: 14[KNL] getting a local address in traffic selector 172.16.48.16/28
Mar 20 17:36:42 zeus charon[4136]: 14[KNL] no local address found in traffic selector 172.16.48.16/28

On 20 March 2015 at 17:48, Bas van Dijk <v.dijk.bas at gmail.com> wrote:
> Hi Tobias,
>
> Sorry for the late reply.
>
> It seems my strongswan doesn't set up the route since `ip route list
> table 220` doesn't show anything. I think I'm suffering from bug:
> https://wiki.strongswan.org/issues/197.
>
> As a work-around I will try to manually add the route:
>
>   10.180.0.0/16 via <default GW> dev eth0 proto static src 172.16.48.16
>
> Cheers,
>
> Bas
>
> On 18 February 2015 at 17:03, Tobias Brunner <tobias at strongswan.org> wrote:
>> Hi Bas,
>>
>>> So am I right that the only thing left to do is configure my system so
>>> that packets to hosts on the 10.180.0.0/24 subnet appear to come from
>>> a host on the 172.16.48.16/28 subnet?
>>>
>>> To accomplish this I already added the additional IP address
>>> 172.16.48.16 to my NIC (besides the DHCP configured 192.168.42.162).
>>>
>>> What's the next step? Do I need to add a route or some iptables rule?
>>
>> strongSwan should find the address you added to the NIC and install an
>> appropriate route to routing table 220 automatically.  You may check
>> with `ip route list table 220`.  This route will look similar to this:
>>
>>   10.180.0.0/16 via <default GW> dev eth0 proto static src 172.16.48.16
>>
>> This should force 172.16.48.16 as source address for packets sent to
>> hosts in 10.180.0.0/16.  (Depending on how the other peer is configured
>> you might want to try a different IP from your source subnet e.g. .17,
>> because .16 is the network ID, while .31 is the broadcast address).
>>
>> Regards,
>> Tobias
>>
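
An added example, not part of the original messages and not strongSwan code: a small check that lists which locally configured IPv4 addresses fall inside a traffic selector and flags the network ID and broadcast address mentioned in the quoted reply. The `ip -o -4 addr show` sample and all function names are constructed for illustration.

```python
import ipaddress

# Constructed, simplified sample of `ip -o -4 addr show` output (assumption:
# the extra address was added to eth0 as a /32).
SAMPLE_IP_ADDR = "\n".join([
    "1: lo    inet 127.0.0.1/8 scope host lo",
    "2: eth0    inet 192.168.42.162/24 brd 192.168.42.255 scope global dynamic eth0",
    "2: eth0    inet 172.16.48.16/32 scope global eth0",
])


def local_addresses(ip_output):
    """Yield (device, IPv4Interface) for every 'inet' entry in the output."""
    for line in ip_output.splitlines():
        fields = line.split()
        if "inet" in fields:
            addr = fields[fields.index("inet") + 1]
            yield fields[1], ipaddress.ip_interface(addr)


def source_candidates(ip_output, traffic_selector):
    """Return (device, address, note) for local addresses inside the selector."""
    ts = ipaddress.ip_network(traffic_selector)
    found = []
    for dev, iface in local_addresses(ip_output):
        if iface.ip not in ts:
            continue
        if iface.ip == ts.network_address:
            note = "network ID of the selector"
        elif iface.ip == ts.broadcast_address:
            note = "broadcast address of the selector"
        else:
            note = "host address"
        found.append((dev, str(iface.ip), note))
    return found


def expected_route(remote_subnet, gateway, dev, src):
    """Format the source route in the form shown in the thread."""
    return f"{remote_subnet} via {gateway} dev {dev} proto static src {src}"


if __name__ == "__main__":
    for dev, addr, note in source_candidates(SAMPLE_IP_ADDR, "172.16.48.16/28"):
        print(f"{addr} on {dev}: {note}")
        print(expected_route("10.180.0.0/16", "<default GW>", dev, addr))
```

An empty result means no configured address lies inside the selector; the result can be compared with the output of `ip route list table 220`.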

