[strongSwan] IPSec Tunnel IP

Yusuf Güngör 1yusufgungor at gmail.com
Wed Dec 27 09:27:38 CET 2017


Hi,

I have a configuration like below and VPN connection successfully
established but client side get "1.1.1.127" as tunnel IP. Can we change
this tunnel IP? I can not find any clue about why StrongSwan assign
"1.1.1.127" as tunnel IP to clients?

Thanks.


*StrongSwan Config (Left)*

conn vpn-test
  left=%defaultroute
  leftsubnet=172.30.1.1/25
  leftauth=psk
  leftfirewall=no
  right=%any
  rightsubnet=0.0.0.0/0
  rightsourceip=10.254.0.0/24
  auto=add
  keyexchange=ikev1
  rightauth=psk
  rightauth2=xauth
  type=tunnel
  mobike=yes
  rightid=%any


*Client VPN Status: (Aruba Instant AP - Right)*

current using tunnel                            :primary tunnel
current tunnel using time                       :1 hour 43 minutes 31
seconds
ipsec is preempt status                         :disable
ipsec is fast failover status                   :disable
ipsec hold on period                            :0s
ipsec tunnel monitor frequency (seconds/packet) :5
ipsec tunnel monitor timeout by lost packet cnt :6

ipsec     primary tunnel crypto type            :PSK
ipsec     primary tunnel peer address           :52.55.49.104
ipsec     primary tunnel peer tunnel ip         :1.1.1.127
ipsec     primary tunnel ap tunnel ip           :10.254.0.1
ipsec     primary tunnel using interface        :tun0
ipsec     primary tunnel using MTU              :1230
ipsec     primary tunnel current sm status      :Up
ipsec     primary tunnel tunnel status          :Up
ipsec     primary tunnel tunnel retry times     :6
ipsec     primary tunnel tunnel uptime          :1 hour 43 minutes 31
seconds

ipsec      backup tunnel crypto type            :PSK
ipsec      backup tunnel peer address           :N/A
ipsec      backup tunnel peer tunnel ip         :N/A
ipsec      backup tunnel ap tunnel ip           :N/A
ipsec      backup tunnel using interface        :N/A
ipsec      backup tunnel using MTU              :N/A
ipsec      backup tunnel current sm status      :Init
ipsec      backup tunnel tunnel status          :Down
ipsec      backup tunnel tunnel retry times     :0
ipsec      backup tunnel tunnel uptime          :0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171227/0390b386/attachment.html>


More information about the Users mailing list