[Swan] assigning an IP address/interface to tunnel

Paul Wouters paul at nohats.ca
Tue Nov 22 02:09:03 UTC 2016


On Mon, 21 Nov 2016, Steve Postma wrote:

> I have several machines with working libreswan VPNs to a Cisco router.
> 
> I would like to assign IP addresses to a tunnel interface to help out with downrange routing issues.
> 
> Is VTI the only way to accomplish this?

Not sure I fully understand the question, but if you are assigned an IP
address, whether it is in IKEv1 or IKEv2, it should get added/removed
by the updown script. So using XAUTH or IKEv2 without VTI should also
work.

If you are talking about adding unrelated IP addresses to an interface,
then things are different. You would have to customize your own updown
script or indeed could use the leftvti/rightvti to add/remove the
address from the VTI interface.

Paul
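
The custom updown approach mentioned in the reply, sketched as an added example (not from the original message or the libreswan project). It assumes the script is referenced from the connection with `leftupdown=`, and the address, the interface name and the function names are hypothetical values chosen for illustration.

```shell
#!/bin/sh
# Wrapper updown script: adds an extra address when the tunnel comes up and
# removes it on teardown, delegating everything else to the stock script.
# Pluto runs updown scripts as root, so keep this file root-owned, mode 0755.

# Hypothetical site values (192.0.2.0/24 is a documentation range).
EXTRA_ADDR="${EXTRA_ADDR:-192.0.2.10/32}"
EXTRA_DEV="${EXTRA_DEV:-vti0}"

# Map a PLUTO_VERB to the action for the extra address.
# Prints "add", "del", or nothing for verbs we do not act on.
extra_addr_action() {
    case "$1" in
        up-host*|up-client*)     echo add ;;
        down-host*|down-client*) echo del ;;
    esac
}

main() {
    action=$(extra_addr_action "$PLUTO_VERB")

    # Remove our address before the stock script tears the tunnel down.
    if [ "$action" = del ]; then
        ip addr del "$EXTRA_ADDR" dev "$EXTRA_DEV" 2>/dev/null || true
    fi

    # Stock behaviour (routes, assigned addresses) stays with the default script.
    ipsec _updown "$@"
    rc=$?

    # Add the address only after the stock script succeeded; "replace" is
    # idempotent, so a rekey or repeated "up" does not fail.
    if [ "$action" = add ] && [ "$rc" -eq 0 ]; then
        ip addr replace "$EXTRA_ADDR" dev "$EXTRA_DEV" || rc=$?
    fi
    return "$rc"
}

# Pluto always sets PLUTO_VERB; do nothing when run outside of it.
if [ -n "${PLUTO_VERB:-}" ]; then
    main "$@"
    exit $?
fi
```
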