Hi all,

I’m trying to use a Docker/Alpine/Strongswan container on my VPS to connect to another
site via IPSec (not my site, not my VPN choice). I’m a newbie to IPSec and would
appreciate some help with what I think is probably a pretty basic issue.

The IPSec config I have been given (below) is for a site-to-site connection. There is a
machine on 10.99.102.92 at the remote site sending packets to 172.30.11.2 on my end and I
need the container to be both the VPN endpoint and the destination machine (172.30.11.2).

The IPSec connection is established just fine, but I can’t figure out how to properly
associate the IP address with the tunnel. I thought this was a simple matter of
configuring the IP address on the tunnel device (tunl0), but this fails in a pretty bizarre
manner: if I configure the tunnel using ‘ip addr add 172.30.11.2/30 dev tunl0’ then I
receive no packets at all. However, if I configure it for any other address in the range,
I get the packets for 172.30.11.2.

Can someone tell me how I’m supposed to do this?
ipsec.conf:

# Option lines must be indented under their section header, otherwise the
# strongSwan ipsec.conf parser rejects them.
conn %default
        ikelifetime=60m
        keylife=60m              # legacy spelling of lifetime
        rekeymargin=3m
        keyingtries=1
        authby=secret
        dpdaction=restart
        dpddelay=30s
        dpdtimeout=120           # seconds when no unit is given

conn net-net
        authby=psk               # same as authby=secret
        lifetime=60m
        type=tunnel
        right=xx.xx.xx.xx        # remote peer (address elided)
        rightsubnet=10.99.102.80/28
        rightid=office
        rightfirewall=yes
        ike=aes256-sha1-modp1024!   # '!' pins the proposal to exactly these algorithms
        esp=aes256-sha1-modp1024!   # DH group in the ESP proposal enables PFS
        leftid=remote
        leftsubnet=172.30.11.0/30
        auto=start
Regards,
Chris
—
Chris Smith <space.dandy(a)icloud.com>
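An added example that is not part of the post above and not strongSwan's own code: a small Python checker that parses an ipsec.conf fragment the way strongSwan does (indented options, `conn %default` inherited by every other conn), resolves the effective `net-net` settings, and verifies that the address the container is meant to answer on (172.30.11.2) and the remote sender (10.99.102.92) actually fall inside `leftsubnet` and `rightsubnet`. It also lists the only two host addresses a /30 allows and flags the parts of the proposal strings that are below current recommendations. The sample configuration is the one from the post, reproduced inline (the `right=` address stays elided). The checker assumes strongSwan's default Linux kernel-netlink (XFRM) backend, under which no tunnel device is involved at all; `tunl0` belongs to the IPIP module, so the address check here is against the traffic selectors, not against any interface.

```python
"""Sanity-check a strongSwan ipsec.conf site-to-site conn against the hosts it must carry."""
import ipaddress

# Constructed sample input: the ipsec.conf from the mailing-list post, right= address elided.
SAMPLE_CONF = """\
conn %default
    ikelifetime=60m
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    dpdaction=restart
    dpddelay=30s
    dpdtimeout=120

conn net-net
    authby=psk
    lifetime=60m
    type=tunnel
    right=xx.xx.xx.xx
    rightsubnet=10.99.102.80/28
    rightid=office
    rightfirewall=yes
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1-modp1024!
    leftid=remote
    leftsubnet=172.30.11.0/30
    auto=start
"""


def parse_ipsec_conf(text):
    """Return {conn_name: {option: value}} for every 'conn' section.

    Mirrors the ipsec.conf layout rules: a section header starts in column 0,
    its options are indented below it, and '#' begins a comment.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            kind, _, name = line.strip().partition(" ")
            # Only 'conn' sections matter here; 'config setup' / 'ca' are skipped.
            current = sections.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return sections


def effective_conn(sections, name):
    """Merge 'conn %default' under the named conn; the conn's own values win."""
    merged = dict(sections.get("%default", {}))
    merged.update(sections[name])
    return merged


def check_selectors(conn, local_ip, remote_ip):
    """Check that both endpoints lie inside the conn's traffic selectors.

    Packets the peer sends to an address outside leftsubnet never match the
    XFRM policy strongSwan installs, so they are dropped, not delivered.
    """
    left = ipaddress.ip_network(conn["leftsubnet"])
    right = ipaddress.ip_network(conn["rightsubnet"])
    return {
        "local_in_leftsubnet": ipaddress.ip_address(local_ip) in left,
        "remote_in_rightsubnet": ipaddress.ip_address(remote_ip) in right,
        # A /30 leaves exactly two usable host addresses; list them explicitly.
        "left_hosts": [str(h) for h in left.hosts()],
    }


def proposal_warnings(conn):
    """Flag weak algorithms in the ike= and esp= proposals (one entry per finding)."""
    warnings = []
    for key in ("ike", "esp"):
        # A trailing '!' only makes the proposal strict; strip it before parsing.
        for algs in conn.get(key, "").rstrip("!").split(","):
            parts = algs.split("-")
            if "modp1024" in parts:
                warnings.append(f"{key}: modp1024 (DH group 2) is below current recommendations")
            if "sha1" in parts:
                warnings.append(f"{key}: sha1 integrity is deprecated")
    return warnings


if __name__ == "__main__":
    conn = effective_conn(parse_ipsec_conf(SAMPLE_CONF), "net-net")
    print(check_selectors(conn, "172.30.11.2", "10.99.102.92"))
    for w in proposal_warnings(conn):
        print("WARN", w)
```

If the selector check passes, the remaining step on a host that is both the IPsec gateway and the protected machine is simply to own the address locally (for example as a /32 on `lo` or on a dummy interface) so the kernel delivers the decapsulated packets to a local socket; no tunnel interface is needed with the XFRM backend. That operational step is an assumption of this example, not something the post confirms.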