[strongSwan] Create tunnels for LXCs on Host (is it possible?)
Kellen Arb
karb at comprehend.com
Thu Aug 24 21:33:21 CEST 2017
Hello,
I have the following network setup:
LXC1(eth0: 192.168.1.100/24) (eth0: 192.168.1.200/24)LXC2
Host1(br1: 192.168.1.10/24)-----(br1:192.168.1.20/24)Host2
Each LXC lives on its corresponding Host. br1 (a bridge) on each Host is
mapped to eth0 on each LXC. IP addresses for all entities are in the same
subnet.
I want to configure strongswan on each Host machine to encrypt traffic
between the LXCs. (strongswan is installed on the Hosts only, not the LXCs.)
I'm not sure that this is a supported scenario for strongswan, but this is
our current deployment nonetheless. So, I'm curious if there is any hope of
it working.
I've included my current configurations, which don't function (the SPD
isn't hit when traffic is passing from LXC 1 to LXC 2). Note that the same
configuration specifying the Host IPs (192.168.1.10 and 192.168.1.20)
functions as expected (so I assume it is generally correct).
Is this scenario supported by strongswan? If so, I'd greatly appreciate any
help getting my configuration working.
Thank You,
Kellen Arb
ipsec.conf (Host 1, Host 2 flips left and right addresses):
# ipsec.conf - strongSwan IPsec configuration file

config setup

# Add connections here.

conn red-to-blue
    authby=secret
    auto=route
    keyexchange=ike
    left=192.168.1.100
    right=192.168.1.200
    type=transport
    esp=aes128gcm16!

ipsec.secrets (Host 1 & Host 2):
192.168.1.100 192.168.1.200 : PSK "secretpassword"