[strongSwan] connection from private networks?
Volodymyr Litovka
doka.ua at gmx.com
Wed Jan 6 10:39:27 CET 2021
Hi,
nevermind, my fault. After adding more interfaces to the server it's
good idea to add their new addresses to conn.local_addrs :-)
Thanks.
On 05.01.2021 23:18, Volodymyr Litovka wrote:
>
> Hello colleagues,
>
> I added yet another connection (absolutely similar to others - on both
> server and client side, except source WAN address) to the config and
> this endpoint can not connect:
>
> charon-systemd[89567]: ike config match: 0 (x.x.x.x...%any IKEv2)
> charon-systemd[89567]: ike config match: 0 (x.x.x.x...y.y.y.y IKEv2)
> charon-systemd[89567]: ike config match: 0 (x.x.x.x...z.z.z.z IKEv2)
> charon-systemd[89567]: ike config match: 0 (x.x.x.x...%any IKEv2)
> charon-systemd[89567]: message repeated 6 times: [ ike config match: 0 (x.x.x.x...%any IKEv2)]
>
> the only difference between this one and other (with same config as I
> said above) is source address - this one which is failing is the only
> one which connects from private networks, other connections are from
> Internet.
>
> Connectivity is ok, hosts can ping each other, so no issues on network
> side. For some reasons, Strongswan can not find connection's config.
>
> Sorry for probably stupid question, but the quick question at the
> moment is - can be there some restrictions in Strongswan which prevent
> connections from RFC1918 networks and, if they are, where are they?
>
> Thank you.
>
> --
> Volodymyr Litovka
> "Vision without Execution is Hallucination." -- Thomas Edison
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210106/6cc0f2b8/attachment.html>
More information about the Users
mailing list