[strongSwan] VTI Interface without virtual IPs

Noel Kuntze noel at familie-kuntze.de
Tue Mar 28 19:04:58 CEST 2017


> There are no tunnel ip addresses in use and configuring one with leftsourceip breaks the connection. I would like to have a VTI interface representing the tunnel. This would simplify packet capture and iptables configuration. However, all the examples I could find configured the VTI interface with local and remote IP address. Is my intended configuration even possible?

Yes, you don't need to use any virtual IPs with tunnel interfaces. In fact, you shouldn't manage the interfaces using the IKE daemon at all. Just create the device (and maybe assign addresses and routes for it) when the network is initialized, then start charon and use auto=route.

> This would simplify packet capture and iptables configuration.

This is a moot point, because it's not really difficult.

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
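
The setup described in the reply above, as an added example that is not part of the original message or of strongSwan's own documentation: the VTI device is created outside the IKE daemon at network initialization, and the connection uses a matching mark with auto=route and no leftsourceip. The device name, mark value, addresses, subnet and function names are constructed placeholders, and the 0.0.0.0/0 traffic selectors are an assumption; the script only prints the plan unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: all values are constructed placeholders, not from the post.
VTI_DEV=${VTI_DEV:-vti0}                # hypothetical device name
VTI_MARK=${VTI_MARK:-42}                # VTI key; must equal mark= in the conn
LOCAL_IP=${LOCAL_IP:-192.0.2.1}         # local tunnel endpoint (documentation range)
REMOTE_IP=${REMOTE_IP:-198.51.100.1}    # peer tunnel endpoint (documentation range)
REMOTE_NET=${REMOTE_NET:-10.2.0.0/16}   # network reached through the tunnel

# Commands for network initialization, run before charon starts.
# No address is assigned to the device; a route through it is enough.
vti_commands() {
    cat <<EOF
ip tunnel add $VTI_DEV local $LOCAL_IP remote $REMOTE_IP mode vti key $VTI_MARK
ip link set $VTI_DEV up
sysctl -w net.ipv4.conf.$VTI_DEV.disable_policy=1
ip route add $REMOTE_NET dev $VTI_DEV
EOF
}

# strongswan.conf: charon must not install its own routes next to the VTI route.
strongswan_conf() {
    printf 'charon {\n    install_routes = no\n}\n'
}

# ipsec.conf settings to merge into the existing conn (authentication and
# proposals stay as configured). Assumption: 0.0.0.0/0 selectors, so the
# route above decides what enters the tunnel.
ipsec_conn_settings() {
    cat <<EOF
    left=$LOCAL_IP
    right=$REMOTE_IP
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    mark=$VTI_MARK
    auto=route
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
    vti_commands | sh -e        # needs root; creates the device and route
else
    vti_commands; strongswan_conf; ipsec_conn_settings   # dry run: print the plan
fi
```

With the mark in place, iptables rules and packet captures can be bound to the device name instead of matching on ESP or policy.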

