[strongSwan] Virtual IP
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Mar 26 12:27:02 CEST 2018
Then you have to restrict your transport mode configuration to your local subnet using remote_addrs = theSubnet/CIDR
On 26.03.2018 02:39, Info wrote:
>
> On 03/25/2018 04:02 PM, Noel Kuntze wrote:
>> Just use two conn definitions. One for your LAN and one for the initiators on the Internet.
>
> I tried to, but got the error shown. The Android app won't connect, and the responder's log says a VIP is required. The error isn't direct, but a search shows you in an earlier listserv recommending that solution for my exact error.
>
> And when I add a local VIP, it goes instead to the remote phone. And any ping from the phone to responder, instead goes out the through the public IP.
>
> This is using swanctl, certs, no SELinux, and open firewall. The IPSec gateway is inside the LAN and reached by DNAT in and SNAT out.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180326/d121fc5f/attachment.sig>
More information about the Users
mailing list