On Mon, 18 Sep 2017, Glenn Pierce wrote:
> So I am trying to implement https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
>
> I have an existing site to site VPN working fine and it looks like
>
> Site A -> Firewall With NAT -> Site B
>
> Now we want some roaming employees to access Site A by having a VPN login to Site B.
>
> My first question is: the instructions above say the config variable left is an actual IP. Is that the firewall address, as our Site B does not have a public address?

It must be an actual IP on the machine. If you use %defaultroute as value, it will pick up the IP address that is used for the default route. If you do IDs based on IP, then you need to specify leftid=PublicIP. But if you use certificates, you don't need that, as the ID comes from the certificate.

> # The server's actual IP goes here - not elastic IPs
> left=1.2.3.4
>
> Sorry, not sure what elastic means here.

Elastic IP is what Amazon calls the public IP they run as your "front end". So it is "your public IP" but they NAT it to your private cloud IP.

Paul
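
The two rules in the reply above (left= must be an address on the machine or %defaultroute, and an IP-based ID behind NAT needs leftid=PublicIP unless a certificate supplies the ID) can be checked mechanically. The following is an added example, not part of the original thread or of libreswan; `parse_conns`, `check_left`, the conn names and the sample addresses are hypothetical and constructed for illustration.

```python
import re

def parse_conns(conf_text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif not line[0].isspace():
            current = None  # some other section, e.g. "config setup"
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_left(conf_text, local_addrs):
    """Return (conn, message) findings for left= / leftid= on a NATed server."""
    findings = []
    for name, opts in parse_conns(conf_text).items():
        left = opts.get("left", "")
        if left != "%defaultroute" and left not in local_addrs:
            findings.append((name, f"left={left} is not an address on this machine"))
            continue
        # No leftid= and no certificate: the ID is based on the (private) IP.
        if "leftid" not in opts and "leftcert" not in opts:
            findings.append((name, "IP-based ID but no leftid=PublicIP"))
    return findings

# Constructed sample: 1.2.3.4 plays the public (elastic) IP, 10.0.0.5 the private one.
LOCAL_ADDRS = ["127.0.0.1", "10.0.0.5"]
SAMPLE_CONF = """\
conn elastic
    left=1.2.3.4
    leftcert=vpn.example.com
conn natted-noid
    left=%defaultroute
    authby=secret
conn natted-ok
    left=%defaultroute
    leftid=1.2.3.4
"""

if __name__ == "__main__":
    for conn, message in check_left(SAMPLE_CONF, LOCAL_ADDRS):
        print(f"{conn}: {message}")
```

On a real host, `local_addrs` would be filled from the interface addresses rather than the constructed list used here.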
