[strongSwan] Create tunnels for LXCs on Host (is it possible?)

Kellen Arb karb at comprehend.com
Thu Aug 24 21:33:21 CEST 2017


I have the following network setup:

LXC1(eth0:       (eth0:

Each LXC lives on its corresponding Host. br1 (a bridge) on each Host is
mapped to eth0 on each LXC. IP addresses for all entities are in the same

I want to configure strongswan on each Host machine to encrypt traffic
between the LXCs. (strongswan is installed on the Hosts only, not the LXCs.)

I'm not sure that this is a supported scenario for strongswan, but this is
our current deployment nonetheless. So, I'm curious if there is any hope of
it working.

I've included my current configurations, which don't function (the SPD
isn't hit when traffic is passing from LXC 1 to LXC 2). Note that the same
configuration specifying the Host IPs ( and
functions as expected (so I assume it is generally correct).

Is this scenario supported by strongswan? If so, I'd greatly appreciate any
help getting my configuration working.

Thank You,
Kellen Arb

ipsec.conf (Host 1, Host 2 flips left and right addresses):
# ipsec.conf - strongSwan IPsec configuration file
config setup
# Add connections here.
conn red-to-blue

ipsec.secrets (Host 1 & Host 2):
: PSK "secretpassword"