[Swan] RES: assigning an IP address/interface to tunnel

Bruno Lopes de Souza Benchimol bruno.benchimol at tjpa.jus.br
Tue Nov 22 17:38:43 UTC 2016


Paul,

I believe it's the same issue we discussed on the leftvti IP situation (which is already in code, last time I checked).

But I didn't get enough time yet to build devel to test it out, but I believe the next version will bring it, correct?

I believe that because Steve said "routing issues" + "Cisco router", so it's pretty similar to the case I present, but instead of Cisco, I use Palo Alto (very similar to the Cisco concept).

Regards,
Bruno Benchimol

Tribunal de Justiça do Estado Pará
Head of the Security and Basic Systems Service
(91) 3250-8383

-----Original message-----
From: Swan [mailto:swan-bounces at lists.libreswan.org] On behalf of Paul Wouters
Sent: Monday, November 21, 2016 23:09
To: Steve Postma
Cc: swan at lists.libreswan.org
Subject: Re: [Swan] assigning an IP address/interface to tunnel

On Mon, 21 Nov 2016, Steve Postma wrote:

> I have several machines with working libreswan VPNs to a Cisco router.
> 
> I would like to assign IP addresses to a tunnel interface to help out with downrange routing issues.
> 
> Is VTI the only way to accomplish this?

Not sure I fully understand the question, but if you are assigned an IP address, whether it is in IKEv1 or IKEv2, it should get added/removed by the updown script. So using XAUTH or IKEv2 without VTI should also work.

If you are talking about adding unrelated IP addresses to an interface, then things are different. You would have to customize your own updown script or indeed could use the leftvti/rightvti to add/remove the address from the VTI interface.

Paul
_______________________________________________
Swan mailing list
Swan at lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
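
The customized updown script mentioned in the quoted reply could look like the following wrapper. It is an added example, not code from this thread or from libreswan. It assumes the script is configured through `leftupdown=`, and `EXTRA_ADDR` and `EXTRA_DEV` are hypothetical variables holding constructed sample values.

```shell
#!/bin/sh
# Added example: wrapper for libreswan's leftupdown= hook that adds an
# extra address when the tunnel comes up and removes it when it goes down.
# EXTRA_ADDR and EXTRA_DEV are constructed sample values (assumptions).
EXTRA_ADDR="${EXTRA_ADDR:-192.0.2.10/32}"
EXTRA_DEV="${EXTRA_DEV:-eth0}"

# Print the ip(8) command for a given pluto verb, or nothing when the
# verb does not change tunnel state. Returns 2 on invalid input.
extra_addr_cmd() {
    verb="$1"; addr="$2"; dev="$3"
    # Accept only a plain IPv4 address/prefix and a simple device name,
    # so no unvalidated value ever reaches a command line run as root.
    case "$addr" in
        ''|*[!0-9./]*) return 2 ;;
    esac
    case "$dev" in
        ''|*[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    case "$verb" in
        up-client|up-host)     echo "ip addr replace $addr dev $dev" ;;
        down-client|down-host) echo "ip addr del $addr dev $dev" ;;
        *) : ;;   # prepare-*, route-*, unroute-*: nothing extra to do
    esac
}

# pluto sets PLUTO_VERB when it invokes the hook; do nothing otherwise.
if [ -n "${PLUTO_VERB:-}" ]; then
    cmd=$(extra_addr_cmd "$PLUTO_VERB" "$EXTRA_ADDR" "$EXTRA_DEV") || exit 1
    if [ -n "$cmd" ]; then
        $cmd || logger -t updown-extra "failed: $cmd (${PLUTO_CONNECTION:-})"
    fi
    # Hand over to the stock script so normal routing setup still happens.
    exec ipsec _updown
fi
```
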

