Thanks Lonnie. Yes I did think about doing that. I guess I cant see any reason why it shouldnt work but I do feel a little uncomfortable that its sitting on the WAN interface which is on an Ethernet segment shared by all the other systems.
Is there any way to create a Loopback interface? Regards Michael Knill ________________________________ From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> Sent: Friday, 4 October 2024 10:21 AM To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net> Subject: Re: [Astlinux-users] Creating a loopback address on Astlinux You could make a LAN as a VLAN off the WAN (eth0) interface. ie. eth0.10 as the LAN, define a private network, and do as Michael described. Lonnie > On Oct 3, 2024, at 5:59 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> > wrote: > > Thanks Michael but the Astlinux side in my case does not have a LAN e.g. just > a WAN interface > > Regards > Michael KnillFrom: Michael Keuter <li...@mksolutions.info> > Sent: Thursday, 3 October 2024 10:14 PM > To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net> > Subject: Re: [Astlinux-users] Creating a loopback address on Astlinux > Update > > Michael > > http://www.mksolutions.info > > > > Am 03.10.2024 um 13:59 schrieb Michael Keuter <li...@mksolutions.info>: > > > > Hi Michael, > > > > I have a customer that connects his company to his home (AVM Fritzbox > > router). You don't need another interface. > > Here is the relevant part of the config (both sides have DynDNS): > > > > ---- > > ipsec.conf: > > > > conn customer-home > > left=customername.dyndns.com # local Astlinux DNS > > leftsubnet=192.168.2.0/24 # customer Astlinux LAN > > leftid=@customername.dyndns.com > > right=customer-home.dyndns.com # remote DNS > > rightid=@customer-home.dyndns.com > > rightsubnet=192.168.1.0/24. # remote (home) LAN > > rightsubnet=192.168.1.0/24 > > the dot at the end was a typo! > > > -- > > > > ipsec.secrets - strongSwan IPsec secrets file > > > > @customername.dyndns.com @customer-home.dyndns.com : PSK "+xyz123" > > ---- > > > > https://doc.astlinux-project.org/userdoc:tt_ipsec_vpn_strongswan > > > >> Am 03.10.2024 um 05:27 schrieb Michael Knill > >> <michael.kn...@ipcsolutions.com.au>: > >> > >> Hi Group > >> > >> I have Strongswan working from a remote router (That doesnt support > >> Wireguard or OpenVPN) and it seems to work well in the lab. > >> At the moment however I have set up a separate LAN interface allocated to > >> 'leftsubnet' in ipsec.conf. > >> As I dont really want to add a separate VM interface, I would like to set > >> up a loopback interface in Astlinux and not sure of the best way to do > >> this. > >> > >> Also wondering if the 'leftsubnet' could be the WAN IP Address which means > >> I dont need another interface at all? > >> > >> Thanks all. > >> Regards > >> Michael Knill > >> Managing Director > >> D: +61 2 6189 1360 > >> P: +61 2 6140 4656 > >> E: michael.kn...@ipcsolutions.com.au > >> W: ipcsolutions.com.au > >> <Outlook-hdjfh1gy.png>Smarter Business Communications > > > > > > Michael > > > > http://www.mksolutions.info > > > > > > > > > > > > _______________________________________________ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > > pay...@krisk.org. > > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
