Tip

This is the documentation for the 22.06 version. Looking for the documentation of the latest version? Have a look here.

IPsec Endpoints

Next, the IPsec tunnel needs endpoints, defined using the following commands from within config-ipsec-tunnel mode:

local-address:

Defines the IP address used by TNSR for this IPsec tunnel. This address must exist on a TNSR interface.

remote-address:

Defines the IP address or fully qualified hostname of the remote peer.

Note

When using a hostname, TNSR must be able to resolve it using DNS in the dataplane namespace when the tunnel is configured. See System DNS Resolution Behavior for information on configuring DNS resolution in namespaces.

Additionally, the strongSwan daemon will resolve the hostname each time an IPsec connection lookup is performed.

IPsec Endpoint Example

tnsr(config-ipsec-tunnel)# local-address 203.0.113.2
tnsr(config-ipsec-tunnel)# remote-address 203.0.113.25