Hi!

I have an IPsec tunnel connection between strongSwan and a Cisco device that 
looks roughly as follows:

        left=<mypublicip>
        right=<theirpublicip>
        leftsubnet=<ourinternalnetwork>
        rightsubnet=<theirinternalnetwork>
        keyexchange=ikev1
        ike=aes256-sha1-modp1536!
        ikelifetime=3600s
        esp=aes256-sha1-modp1536!
        keylife=3600s
        type=tunnel
        compress=no
        authby=secret
        auto=start
        keyingtries=%forever

There are no tunnel IP addresses in use, and configuring one with leftsourceip 
breaks the connection. I would like to have a VTI interface representing the 
tunnel. This would simplify packet capture and iptables configuration. However, 
all the examples I could find configured the VTI interface with local and 
remote IP addresses. Is my intended configuration even possible?

Best regards

Felix Berlakovich