[strongSwan] listen interface specification

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue May 2 09:42:37 CEST 2017


It can only be set with the charon.interfaces_use and charon.interfaces_ignore settings in strongswan.conf.
You need to read the man page that corresponds to your software. The one you linked is for openswan, which doesn't share
any code with strongSwan. It even says so in the text.

On 02.05.2017 01:13, Piyush Agarwal wrote:
> Hi,
> I am using strongswan 5.1.2 on Ubuntu 14.04 and I need to specify the IP address on which to listen on. I found some ipsec.conf manpages (https://linux.die.net/man/5/ipsec.conf) which suggest a config item "listen", but strongswan 5.1.2 at least doesn't seem to have this option.
>
> Is there not a way to specify the listen IP address? In my case, this IP address is actually on the loopback interface. As long as I can specify the listen interface, I should be fine.
>
> config setup
> *    listen=10.100.0.5*
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>     authby=rsasig
>
> conn 10.10.10.8
>     type=transport
>     left=10.100.0.5
>     leftcert=left.cert
>     leftsendcert=always
>     rightcert=right.cert
>     right=10.10.10.8
>     auto=start
>
> */etc/ipsec.conf:7: unknown keyword 'listen' [10.100.0.5]*
> *unable to start strongSwan -- fatal errors in config*
>
>
> -- 
> Piyush Agarwal
> Life can only be understood backwards; but it must be lived forwards.
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170502/ea1828d1/attachment.sig>


More information about the Users mailing list