I don't see any loopback addresses listed in the "known interfaces":
8150 00[KNL] known interfaces and IP addresses: 8151 00[KNL] p2p1 8152 00[KNL] 169.x.x.x 8153 00[KNL] fe80:::4ae5 where p2p1 interface has an internal 169 IP, not the one I want to listen on. The IP I want to listen on is actually on the lo interface: ip -d addr show lo | grep 104.100.x.x inet 104.100.x.x/32 scope global lo Not that it should matter, but all this is being done inside a ip/mininet network namespace. Thanks. Piyush On Mon, May 1, 2017 at 4:13 PM, Piyush Agarwal <agarwalpiy...@gmail.com> wrote: > Hi, > I am using strongswan 5.1.2 on Ubuntu 14.04 and I need to specify the IP > address on which to listen on. I found some ipsec.conf manpages ( > https://linux.die.net/man/5/ipsec.conf) which suggest a config item > "listen", but strongswan 5.1.2 at least doesn't seem to have this option. > > Is there not a way to specify the listen IP address? In my case, this IP > address is actually on the loopback interface. As long as I can specify the > listen interface, I should be fine. > > config setup > * listen=10.100.0.5* > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > keyexchange=ikev2 > authby=rsasig > > conn 10.10.10.8 > type=transport > left=10.100.0.5 > leftcert=left.cert > leftsendcert=always > rightcert=right.cert > right=10.10.10.8 > auto=start > > */etc/ipsec.conf:7: unknown keyword 'listen' [10.100.0.5]* > *unable to start strongSwan -- fatal errors in config* > > > -- > Piyush Agarwal > Life can only be understood backwards; but it must be lived forwards. > > -- Piyush Agarwal Life can only be understood backwards; but it must be lived forwards.
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users