[strongSwan] Create tunnels for LXCs on Host (is it possible?)
karb at comprehend.com
Thu Aug 24 21:33:21 CEST 2017
I have the following network setup:

LXC1(eth0: 192.168.1.100/24) (eth0: 192.168.1.200/24)LXC2

Each LXC lives on its corresponding Host. br1 (a bridge) on each Host is
mapped to eth0 on each LXC. IP addresses for all entities are in the same

I want to configure strongswan on each Host machine to encrypt traffic
between the LXCs. (strongswan is installed on the Hosts only, not the LXCs.)
I'm not sure that this is a supported scenario for strongswan, but this is
our current deployment nonetheless. So, I'm curious if there is any hope of

I've included my current configurations, which don't function (the SPD
isn't hit when traffic is passing from LXC 1 to LXC 2). Note that the same
configuration specifying the Host IPs (192.168.1.10 and 192.168.1.20)
functions as expected (so I assume it is generally correct).

Is this scenario supported by strongswan? If so, I'd greatly appreciate any
help getting my configuration working.

ipsec.conf (Host 1, Host 2 flips left and right addresses):

# ipsec.conf - strongSwan IPsec configuration file
# Add connections here.

ipsec.secrets (Host 1 & Host 2):

192.168.1.100 192.168.1.200 : PSK "secretpassword"