[strongSwan] Virtual IP

Info infosec at quantum-equities.com
Mon Mar 26 02:39:46 CEST 2018


On 03/25/2018 04:02 PM, Noel Kuntze wrote:
> Just use two conn definitions. One for your LAN and one for the initiators on the Internet.

I tried to, but got the error shown.  The Android app won't connect, and
the responder's log says a VIP is required.  The error isn't direct, but
a search shows you in an earlier listserv recommending that solution for
my exact error.

And when I add a local VIP, it goes instead to the remote phone.  And
any ping from the phone to responder, instead goes out the through the
public IP.

This is using swanctl, certs, no SELinux, and open firewall.  The IPSec
gateway is inside the LAN and reached by DNAT in and SNAT out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180325/bb53a0b6/attachment.html>


More information about the Users mailing list