
List:       strongswan-announce
Subject:    Re: [strongSwan-dev] Load-tester issue
From:       Tobias Brunner <tobias () strongswan ! org>
Date:       2015-02-12 8:38:00
Message-ID: 54DC6668.7060408 () strongswan ! org

Hi Meenakshi,

>             request_virtual_ip = yes
>             ...
>             initiator_ts = 10.10.3.1/24

If you use `request_virtual_ip = yes` you don't have to specify the
initiator's traffic selector (`initiator_ts` is actually not a valid
option, the initiator's local TS would be set in `initiator_tsi`).

But to replace the default route and not only tunnel traffic to your
responder (i.e. 10.101.248.152/32) you'll have to specify `initiator_tsr
= 0.0.0.0/0`, otherwise the responder, even when configured with
`leftsubnet = 0.0.0.0/0`, will narrow the remote TS to the single IP
address proposed by the client.

> Also I see that my ipsec statusall shows everything to be /32 but I
> have configured on the server for it to be /24.

The option `rightsourceip=10.10.3.0/24` specifies an IP address pool for
virtual IP addresses assigned to clients, not a traffic selector.  In
your case the address 10.10.3.1/32 is assigned to the client via
configuration payloads.

Regards,
Tobias

_______________________________________________
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
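
The narrowing described in the message above, as an added example that is not part of the original message and not strongSwan code. It is a simplified model (IPv4 CIDR selectors only, no protocols or ports); the function names are hypothetical and the addresses are the ones quoted in the thread.

```python
import ipaddress


def narrow(proposed, allowed):
    """Return the selectors common to both lists (simplified IKEv2 narrowing)."""
    result = []
    for p in (ipaddress.ip_network(s, strict=False) for s in proposed):
        for a in (ipaddress.ip_network(s, strict=False) for s in allowed):
            # CIDR blocks are either nested or disjoint, so the
            # intersection is simply the more specific of the two.
            if p.subnet_of(a):
                common = p
            elif a.subnet_of(p):
                common = a
            else:
                continue
            if common not in result:
                result.append(common)
    return [str(n) for n in result]


def child_sa_selectors(virtual_ip, responder_addr, leftsubnet, initiator_tsr=None):
    """Model the selectors a load-tester client ends up with.

    virtual_ip      address assigned from the rightsourceip pool
    responder_addr  responder's own address, proposed as the remote
                    selector when initiator_tsr is not set
    leftsubnet      what the responder is configured to offer
    initiator_tsr   the client's proposed remote selector, if configured
    """
    tsi_proposed = [f"{virtual_ip}/32"]
    tsr_proposed = [initiator_tsr or f"{responder_addr}/32"]
    # Client side: only the virtual IP that was assigned is accepted.
    tsi = narrow(tsi_proposed, [f"{virtual_ip}/32"])
    # Responder side: the proposal is narrowed against leftsubnet.
    tsr = narrow(tsr_proposed, [leftsubnet])
    return tsi, tsr


if __name__ == "__main__":
    # Constructed inputs using the addresses from the thread.
    for tsr_opt in (None, "0.0.0.0/0"):
        tsi, tsr = child_sa_selectors("10.10.3.1", "10.101.248.152",
                                      "0.0.0.0/0", initiator_tsr=tsr_opt)
        print(f"initiator_tsr={tsr_opt}: {tsi} === {tsr}")
```

Without `initiator_tsr` both sides end up as /32 even though the responder offers 0.0.0.0/0, because a responder can only narrow a proposal, never widen it.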