IPsec Endpoints

Next, the IPsec tunnel needs endpoints, defined using the following commands from within config-ipsec-tun mode:

local-address

Defines the IP address used by TNSR for this IPsec tunnel. This address must exist on a TNSR interface.

remote-address

Defines the IP address or fully qualified hostname of the remote peer.

Note

When using a hostname, TNSR must be able to resolve it using DNS in the dataplane namespace when the tunnel is configured. See System DNS Resolution Behavior for information on configuring DNS resolution in namespaces.

Additionally, the strongSwan daemon will resolve the hostname each time an IPsec connection lookup is performed.

IPsec Endpoint Example

tnsr(config-ipsec-tun)# local-address 203.0.113.2
tnsr(config-ipsec-tun)# remote-address 203.0.113.25
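
A pre-check for the hostname case described in the note above, as an added example that is not part of the TNSR documentation: run from the host shell, it reports whether a candidate remote-address value is an IP literal or a name that resolves inside the dataplane namespace, and lists the addresses returned. It assumes the dataplane namespace is a Linux network namespace named dataplane that can be entered with ip netns exec as root; the function names and peer.example.net are hypothetical.

```shell
#!/bin/sh
# Added example, not TNSR code. Assumption: the dataplane namespace is the
# Linux netns named "dataplane"; override with NETNS=... if it differs.
NETNS="${NETNS:-dataplane}"

# True when $1 is a dotted-quad IPv4 literal with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Look the name up with the resolver configuration of the namespace
# (needs root). Output format is that of `getent ahosts`.
resolve_in_ns() {
    ip netns exec "$NETNS" getent ahosts "$1"
}

# Print how a candidate remote-address value would be treated.
# Returns non-zero when a hostname does not resolve in the namespace.
check_remote() {
    value=$1
    if is_ipv4 "$value"; then echo "literal $value"; return 0; fi
    case "$value" in *:*) echo "literal $value"; return 0 ;; esac
    addrs=$(resolve_in_ns "$value" 2>/dev/null | awk '{print $1}' | sort -u)
    if [ -z "$addrs" ]; then
        echo "unresolved $value"
        return 1
    fi
    # The name is re-resolved on later lookups, so review every address.
    echo "resolves $value -> $(echo $addrs)"
}

# Usage: sh check_remote.sh peer.example.net   (hypothetical peer name)
if [ $# -gt 0 ]; then check_remote "$1"; fi
```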