Is this the ipsec status output you’re looking for? This is from the client machine.
+ ipsec whack --status 000 using kernel interface: netkey 000 interface lo/lo ::1.2.3.4@500 000 interface lo/lo 127.0.0.1@4500 000 interface lo/lo 127.0.0.1@500 000 interface enp3s0/enp3s0 4.3.2.1@4500 000 interface enp3s0/enp3s0 4.3.2.1@500 000 interface enp7s0/enp7s0 1.2.3.4@4500 000 interface enp7s0/enp7s0 1.2.3.4@500 000 interface enp7s0:1/enp7s0:1 2.2.3.4@4500 000 interface enp7s0:1/enp7s0:1 2.2.3.4@500 000 interface enp10s0/enp10s0 10.10.20.254@4500 000 interface enp10s0/enp10s0 10.10.20.254@500 > On Aug 27, 2018, at 1:05 PM, Paul Wouters <[email protected]> wrote: > > On Mon, 27 Aug 2018, Craig Marker wrote: > >> I recently experienced an issue where a SA was established even though the >> new NAT mapping (the NATD source IP) was a different IP address than what >> was configured >> in my ipsec.conf file. Is this expected? Is there something I’m doing in my >> configuration files to allow this? Could this be a bug? > > I don't think that is possible. Is the other IP a valid IP on your > machine? does it show up at the first bit of "ipsec status" ? > > Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
