[strongSwan] listen interface specification
Piyush Agarwal
agarwalpiyush at gmail.com
Tue May 2 05:03:42 CEST 2017
I don't see any loopback addresses listed in the "known interfaces":
8150 00[KNL] known interfaces and IP addresses:
8151 00[KNL] p2p1
8152 00[KNL] 169.x.x.x
8153 00[KNL] fe80:::4ae5
where p2p1 interface has an internal 169 IP, not the one I want to listen
on. The IP I want to listen on is actually on the lo interface:
ip -d addr show lo | grep 104.100.x.x
inet 104.100.x.x/32 scope global lo
Not that it should matter, but all this is being done inside an ip/mininet
network namespace.
Thanks.
Piyush
On Mon, May 1, 2017 at 4:13 PM, Piyush Agarwal <agarwalpiyush at gmail.com>
wrote:
> Hi,
> I am using strongswan 5.1.2 on Ubuntu 14.04 and I need to specify the IP
> address on which to listen. I found some ipsec.conf manpages (
> https://linux.die.net/man/5/ipsec.conf) which suggest a config item
> "listen", but strongswan 5.1.2 at least doesn't seem to have this option.
>
> Is there not a way to specify the listen IP address? In my case, this IP
> address is actually on the loopback interface. As long as I can specify the
> listen interface, I should be fine.
>
> config setup
> * listen=10.100.0.5*
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev2
> authby=rsasig
>
> conn 10.10.10.8
> type=transport
> left=10.100.0.5
> leftcert=left.cert
> leftsendcert=always
> rightcert=right.cert
> right=10.10.10.8
> auto=start
>
> */etc/ipsec.conf:7: unknown keyword 'listen' [10.100.0.5]*
> *unable to start strongSwan -- fatal errors in config*
>
>
> --
> Piyush Agarwal
> Life can only be understood backwards; but it must be lived forwards.
>
>
--
Piyush Agarwal
Life can only be understood backwards; but it must be lived forwards.