[strongSwan] VTI Interface without virtual IPs
Berlakovich Felix (OeRK-W)
Felix.Berlakovich at w.roteskreuz.at
Tue Mar 28 15:54:13 CEST 2017
Hi!
I have an IPsec tunnel connection between strongSwan and a Cisco device that looks roughly as follows:
left=<mypublicip>
right=<theirpublicip>
leftsubnet=<ourinternalnetwork>
rightsubnet=<theirinternalnetwork>
keyexchange=ikev1
ike=aes256-sha1-modp1536!
ikelifetime=3600s
esp=aes256-sha1-modp1536!
keylife=3600s
type=tunnel
compress=no
authby=secret
auto=start
keyingtries=%forever
There are no tunnel IP addresses in use, and configuring one with leftsourceip breaks the connection. I would like to have a VTI interface representing the tunnel. This would simplify packet capture and iptables configuration. However, all the examples I could find configured the VTI interface with local and remote IP addresses. Is my intended configuration even possible?
Best regards
Felix Berlakovich