Hi Michael,
I have a customer that connects his company to his home (AVM Fritzbox router).
You don't need another interface.
Here is the relevant part of the config (both sides have DynDNS):
----
ipsec.conf:
conn customer-home
left=customername.dyndns.com # local Astlinux DNS
leftsubnet=192.168.2.0/24 # customer Astlinux LAN
leftid=@customername.dyndns.com
right=customer-home.dyndns.com # remote DNS
rightid=@customer-home.dyndns.com
rightsubnet=192.168.1.0/24. # remote (home) LAN
--
ipsec.secrets - strongSwan IPsec secrets file
@customername.dyndns.com @customer-home.dyndns.com : PSK "+xyz123"
----
https://doc.astlinux-project.org/userdoc:tt_ipsec_vpn_strongswan
> Am 03.10.2024 um 05:27 schrieb Michael Knill
> <michael.kn...@ipcsolutions.com.au>:
>
> Hi Group
>
> I have Strongswan working from a remote router (That doesnt support Wireguard
> or OpenVPN) and it seems to work well in the lab.
> At the moment however I have set up a separate LAN interface allocated to
> 'leftsubnet' in ipsec.conf.
> As I dont really want to add a separate VM interface, I would like to set up
> a loopback interface in Astlinux and not sure of the best way to do this.
>
> Also wondering if the 'leftsubnet' could be the WAN IP Address which means I
> dont need another interface at all?
>
> Thanks all.
> Regards
> Michael Knill
> Managing Director
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: michael.kn...@ipcsolutions.com.au
> W: ipcsolutions.com.au
> <Outlook-hdjfh1gy.png>Smarter Business Communications
Michael
http://www.mksolutions.info
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
