[strongSwan] IPSec Tunnel IP
Yusuf Güngör
yusufyusufyusuf at gmail.com
Wed Dec 27 11:01:50 CET 2017
Hi,
I have a configuration like below and VPN connection successfully
established but client side get "1.1.1.127" as tunnel IP. Can we change
this tunnel IP? I can not find any clue about why StrongSwan assign
"1.1.1.127" as tunnel IP to clients?
Thanks.
*StrongSwan Config (Left)*
conn vpn-test
left=%defaultroute
leftsubnet=172.30.1.1/25
leftauth=psk
leftfirewall=no
right=%any
rightsubnet=0.0.0.0/0
rightsourceip=10.254.0.0/24
auto=add
keyexchange=ikev1
rightauth=psk
rightauth2=xauth
type=tunnel
mobike=yes
rightid=%any
*Client VPN Status: (Aruba Instant AP - Right)*
current using tunnel :primary tunnel
current tunnel using time :1 hour 43 minutes 31
seconds
ipsec is preempt status :disable
ipsec is fast failover status :disable
ipsec hold on period :0s
ipsec tunnel monitor frequency (seconds/packet) :5
ipsec tunnel monitor timeout by lost packet cnt :6
ipsec primary tunnel crypto type :PSK
ipsec primary tunnel peer address :52.55.49.104
ipsec primary tunnel peer tunnel ip :1.1.1.127
ipsec primary tunnel ap tunnel ip :10.254.0.1
ipsec primary tunnel using interface :tun0
ipsec primary tunnel using MTU :1230
ipsec primary tunnel current sm status :Up
ipsec primary tunnel tunnel status :Up
ipsec primary tunnel tunnel retry times :6
ipsec primary tunnel tunnel uptime :1 hour 43 minutes 31
seconds
ipsec backup tunnel crypto type :PSK
ipsec backup tunnel peer address :N/A
ipsec backup tunnel peer tunnel ip :N/A
ipsec backup tunnel ap tunnel ip :N/A
ipsec backup tunnel using interface :N/A
ipsec backup tunnel using MTU :N/A
ipsec backup tunnel current sm status :Init
ipsec backup tunnel tunnel status :Down
ipsec backup tunnel tunnel retry times :0
ipsec backup tunnel tunnel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171227/c2066437/attachment.html>
More information about the Users
mailing list