Re: [strongSwan] IPSec Tunnel IP

Thu, 28 Dec 2017 05:13:03 -0800 

Hello,

It's because you set "rightsubnet=0.0.0.0/0" and evidently the AP proposes 
"1.1.1.127" as its local TS, so it gets narrowed to that. I propose you delete 
those two lines.

Kind regards

Noel

On 27.12.2017 11:01, Yusuf Güngör wrote:
> Hi,
>
> I have a configuration like below and VPN connection successfully established 
> but client side get "1.1.1.127" as tunnel IP. Can we change this tunnel IP? I 
> can not find any clue about why StrongSwan assign "1.1.1.127" as tunnel IP to 
> clients?
>
> Thanks.
>
>
> *StrongSwan Config (Left)*
>
>     conn vpn-test
>       left=%defaultroute
>       leftsubnet=172.30.1.1/25 <http://172.30.1.1/25>
>       leftauth=psk
>       leftfirewall=no
>       right=%any
>       rightsubnet=0.0.0.0/0 <http://0.0.0.0/0>
>       rightsourceip=10.254.0.0/24 <http://10.254.0.0/24>
>       auto=add
>       keyexchange=ikev1
>       rightauth=psk
>       rightauth2=xauth
>       type=tunnel
>       mobike=yes
>       rightid=%any
>
>
> *Client VPN Status: (Aruba Instant AP - Right)*
>
>     current using tunnel                            :primary tunnel
>     current tunnel using time                       :1 hour 43 minutes 31 
> seconds 
>     ipsec is preempt status                         :disable
>     ipsec is fast failover status                   :disable
>     ipsec hold on period                            :0s
>     ipsec tunnel monitor frequency (seconds/packet) :5
>     ipsec tunnel monitor timeout by lost packet cnt :6
>
>     ipsec     primary tunnel crypto type            :PSK
>     ipsec     primary tunnel peer address           :52.55.49.104
>     ipsec     primary tunnel peer tunnel ip         :1.1.1.127
>     ipsec     primary tunnel ap tunnel ip           :10.254.0.1
>     ipsec     primary tunnel using interface        :tun0
>     ipsec     primary tunnel using MTU              :1230
>     ipsec     primary tunnel current sm status      :Up
>     ipsec     primary tunnel tunnel status          :Up
>     ipsec     primary tunnel tunnel retry times     :6
>     ipsec     primary tunnel tunnel uptime          :1 hour 43 minutes 31 
> seconds 
>
>     ipsec      backup tunnel crypto type            :PSK
>     ipsec      backup tunnel peer address           :N/A
>     ipsec      backup tunnel peer tunnel ip         :N/A
>     ipsec      backup tunnel ap tunnel ip           :N/A
>     ipsec      backup tunnel using interface        :N/A
>     ipsec      backup tunnel using MTU              :N/A
>     ipsec      backup tunnel current sm status      :Init
>     ipsec      backup tunnel tunnel status          :Down
>     ipsec      backup tunnel tunnel retry times     :0
>     ipsec      backup tunnel tunnel
>
>

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to