[strongSwan] StrongSwan using Loopback IP address
Patrick Velder
lists at velder.li
Sat Jan 14 22:26:15 CET 2017
Hi
I'm operating a setup running BGP with a configured loopback:
185.117.xx.254.
As the loopback IP is reachable over all upstreams / peers /
downstreams, I'd like to use this IP as "leftsourceip":
Config:
>
> conn %default
>     keyexchange=ikev1
>     ikelifetime=86400s
>     ike=aes256-sha512-modp4096!
>     esp=aes256-sha512-modp1024!
>     lifetime=1800s
>     auto=start
>     aggressive=no
>
> conn cr1-home
>     left=185.117.xx.254
>     right=84.75.xx.133
>     authby=pubkey
>     leftrsasigkey=/etc/ipsec.d/public/xx.pem
>     rightrsasigkey=/etc/ipsec.d/public/yy.pem
>     dpdaction=restart
>     dpddelay=10s
>     dpdtimeout=60s
>
> # Transport GRE
> conn cr1-home-gre
>     also=cr1-home
>     type=transport
>     leftprotoport=gre
>     rightprotoport=gre
>
> # Monitoring <-> Home
> conn cr1-home-monitoring
>     also=cr1-home
>     type=tunnel
>     leftsubnet=185.117.xx.64/29
>     rightsubnet=10.0.0.0/20
>
Now the problem is that StrongSwan tries to add a route for
"10.0.0.0/20" (rightsubnet) to "my transit's nexthop" (185.95.xxx.41)
via the "loopback interface" (dummy0), which of course fails as there is
only one /32 configured on the loopback interface:
> Jan 14 22:07:12 cr1 charon: 07[KNL] using 185.95.xx.41 as nexthop to
> reach 84.75.xx.133/32
> Jan 14 22:07:12 cr1 charon: 07[KNL] installing route: 10.0.0.0/20 via
> 185.95.xx.41 src 185.117.xx.65 dev dummy0
> Jan 14 22:07:12 cr1 charon: 07[KNL] unable to install source route for
> 185.117.xx.65
Is there a way to fix that?
Regards
Patrick
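
Added example, not part of the original post and not strongSwan code: a Python check that reads charon "installing route" lines in the format quoted above and reports routes whose nexthop is not covered by any prefix configured on the named device, the condition the post describes for dummy0. The addresses (documentation ranges), the second log line, the eth0 entry and the interface table are constructed, since the post masks its own values.

```python
import ipaddress
import re

# Matches charon's "[KNL] installing route" message in the format quoted in the post.
ROUTE_RE = re.compile(
    r"\[KNL\] installing route: (?P<dst>\S+) via (?P<via>\S+) "
    r"src (?P<src>\S+) dev (?P<dev>\S+)"
)

def parse_routes(log_text):
    """Return one dict per 'installing route' message.
    Mail clients wrap long syslog lines, so whitespace is collapsed first."""
    flat = " ".join(log_text.split())
    return [m.groupdict() for m in ROUTE_RE.finditer(flat)]

def nexthop_on_link(route, iface_addrs):
    """True if the nexthop lies inside a prefix configured on the route's device."""
    via = ipaddress.ip_address(route["via"])
    prefixes = iface_addrs.get(route["dev"], [])
    return any(via in ipaddress.ip_interface(p).network for p in prefixes)

def unreachable_nexthops(log_text, iface_addrs):
    """Routes whose gateway is not directly reachable over the chosen device."""
    return [r for r in parse_routes(log_text) if not nexthop_on_link(r, iface_addrs)]

# Constructed sample log (documentation addresses, not the poster's).
SAMPLE_LOG = """\
Jan 14 22:07:12 cr1 charon: 07[KNL] installing route: 10.0.0.0/20 via
198.51.100.41 src 192.0.2.65 dev dummy0
Jan 14 22:07:13 cr1 charon: 07[KNL] installing route: 10.0.16.0/20 via
198.51.100.41 src 192.0.2.65 dev eth0
"""

# Constructed interface table: device -> addresses with prefix length,
# as "ip -o addr show" would list them. dummy0 carries a single /32.
SAMPLE_ADDRS = {
    "dummy0": ["192.0.2.254/32"],
    "eth0": ["198.51.100.42/30"],
}

if __name__ == "__main__":
    for r in unreachable_nexthops(SAMPLE_LOG, SAMPLE_ADDRS):
        print(f"{r['dst']}: nexthop {r['via']} is not on-link on {r['dev']}")
```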