[Openswan Users] changing ip bound to ipsec0
Kevin Dea
kdea at strozllc.com
Wed Jun 6 15:32:42 EDT 2007
Hi,
I'm trying to configure an VPN tunnel, but we're discovering that it
causes conflicts with some other processes we do on this box. To
mitigate this problem, I created an alias interface called eth0:sec with
the IP xx.yy.zz.133. The original interface, eth0, had the IP of
xx.yy.zz.130.
When I restart ipsec, I notice that the interface ipsec0 is still bound
to xx.yy.zz.130. Here is my /etc/ipsec.conf
conn ny-bo
type=tunnel
left=xx.yy.zz.133
leftnexthop=%defaultroute
leftsubnet=10.1.0.0/24
leftid=xx.yy.zz.133
right=aa.bb.cc.34
rightnexthop=aa.bb.cc.33
rightsubnet=10.1.5.0/23
rightid=aa.bb.cc.33
authby=secret
pfs=no
auto=start
keyingtries=3
rekey=no
keyexchange=ike
Not only does ipsec0 stay bound to xx.yy.zz.130, if I start the tunnel
with
/usr/local/sbin/ipsec auto -verbose -down ny-bo
I get:
022 "ny-bo": We cannot identify ourselves with either end of this
connection.
Is there a way I can change the IP that is bound to ipsec0?
Kevin Dea
Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane, 12th Floor
New York, NY 10038
Phone: 212.981.2667
Blackberry: 917.365.5465
Fax: 212.981.6545
www.strozllc.com
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No right
to confidential or privileged treatment of this message is waived or
lost by any error in transmission. If you have received this message
in error, please immediately notify the sender by e-mail or by
telephone, delete the message and all copies from your system and
destroy any hard copies. You must not, directly or indirectly, use,
disclose, distribute, print or copy any part of this message if you
are not the intended recipient.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070606/25817ebd/attachment-0001.html
More information about the Users
mailing list