[strongSwan] Virtual IP

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Mar 26 12:27:02 CEST 2018

Then you have to restrict your transport mode configuration to your local subnet using remote_addrs = theSubnet/CIDR

On 26.03.2018 02:39, Info wrote:
> On 03/25/2018 04:02 PM, Noel Kuntze wrote:
>> Just use two conn definitions. One for your LAN and one for the initiators on the Internet.
> I tried to, but got the error shown.  The Android app won't connect, and the responder's log says a VIP is required.  The error isn't direct, but a search shows you in an earlier listserv recommending that solution for my exact error.
> And when I add a local VIP, it goes instead to the remote phone.  And any ping from the phone to the responder instead goes out through the public IP.
> This is using swanctl, certs, no SELinux, and open firewall.  The IPSec gateway is inside the LAN and reached by DNAT in and SNAT out.
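
The two-conn layout suggested in this thread, sketched as a swanctl.conf fragment. This is an added example, not configuration posted by either participant; the connection names, subnet, pool range and certificate file name are constructed placeholders.

```conf
# Added example: one conn for LAN peers (transport mode), one for
# Internet initiators that request a virtual IP. All names and
# addresses below are placeholders, not values from the thread.
connections {
    lan {
        # Only peers whose IKE source address is inside the local
        # subnet match this conn.
        remote_addrs = 192.168.1.0/24
        local {
            auth = pubkey
            certs = gateway-cert.pem
        }
        remote {
            auth = pubkey
        }
        children {
            lan-transport {
                mode = transport
            }
        }
    }
    roadwarrior {
        # remote_addrs is left at its default (%any), so initiators
        # outside the LAN subnet end up here. The pool supplies the
        # virtual IP that the mobile client asks for.
        pools = rw-pool
        local {
            auth = pubkey
            certs = gateway-cert.pem
        }
        remote {
            auth = pubkey
        }
        children {
            rw-tunnel {
                local_ts = 0.0.0.0/0
            }
        }
    }
}
pools {
    rw-pool {
        addrs = 10.10.10.0/24
    }
}
```

After loading the file with `swanctl --load-all`, `swanctl --list-conns` shows both conns with their remote address restrictions, which is a quick check that LAN peers and Internet initiators will be matched to different definitions.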
