Ping a Specific Port

Question

Robert Siemer

Asked: 2015-07-30 15:31:05 +0800 CST2015-07-30 15:31:05 +0800 CST 2015-07-30 15:31:05 +0800 CST

How can I tell strongswan that left is local (independent of IPs)?

772

Is there something like local = left which I could use in the strongSwan configuration?

I don’t want to use any IP-addresses, as they might change. And I don’t want the server to guess it, I want to fix it that way beyond any doubt.

In all of my “client-to-site” configurations I could not copy over the configuration to the other side unmodified. Not even the connection-section alone. Together with the fact that there seems no way to force it, this left/right-division is really not to my liking...

1 Answers

Voted

ecdsa · Answer 1 · 2015-07-30T23:15:31+08:00

Best Answer

ecdsa

2015-07-30T23:15:31+08:002015-07-30T23:15:31+08:00

left = local is the default. Only if an IP or resolved FQDN defined in right matches a local IP will the sides be switched. The left|right distinction is a legacy from FreeS/WAN and obviously mostly useful in site-to-site and host-to-host scenarios.

Edit: The charon.plugins.stroke.allow_swap option mentioned in the comments that allows to ensure left = local is supported since strongSwan 5.3.3.

An alternative is to use a VICI / swanctl based config, which allows to clearly specify local and remote addresses.

1

How can I tell strongswan that left is local (independent of IPs)?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?