On 2017-09-22 02:13 PM, Whit Blauvelt wrote:
>> Linux aliases are a deprecated concept. Bind the IP to any local
>> interface. Preferably one that can not go down. You can just add it.
>> Anyway, charon needs to listen on the IP to be able to send packets from
>> it.
>
> I use the word "alias" incorrectly then. It is bound:
>
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet 54.69.126.245/32 scope global lo
>        valid_lft forever preferred_lft forever

Is that really needed? AFAIK, having left=%any and leftid=$EIP did the trick on AWS.

Regards,
Simon