Tip
This is the documentation for the 22.02 version. Looking for the documentation of the latest version? Have a look here.
IPsec Endpoints¶
Next, the IPsec tunnel needs endpoints, defined using the following commands
from within config-ipsec-tun
mode:
- local-address:
Defines the IP address used by TNSR for this IPsec tunnel. This address must exist on a TNSR interface.
- remote-address:
Defines the IP address or fully qualified hostname of the remote peer.
Note
When using a hostname, TNSR must be able to resolve it using DNS in the
dataplane
namespace when the tunnel is configured. See System DNS Resolution Behavior for information on configuring DNS resolution in namespaces.Additionally, the strongSwan daemon will resolve the hostname each time an IPsec connection lookup is performed.
IPsec Endpoint Example¶
tnsr(config-ipsec-tun)# local-address 203.0.113.2
tnsr(config-ipsec-tun)# remote-address 203.0.113.25