IPSec on Virtual IP fails auth
-
Hi everyone,
My ISP gives me a /32 allocation via PPPoE and an extra /29 that gets routed down the same pipe. It all works fine: I can assign those extra IPs as Virtual IPs and I can get traffic routed down to hosts in my LAN using 1:1 NAT.
However, I was trying to get one of the IPs from the /29 allocation as a WAN IP for an IPSec tunnel for mobile clients, and this doesn't seem to work.
To be clear, I get the exact same setup working with my main WAN IP, but once I change it to use one of the extra IPs (by changing the interface in the IPSec config) I see the following line in the logs when a client tries to connect:
11[CFG] <1> looking for peer configs matching 127.0.0.1[vpn.xxx]...yyy[tiago@xxx]
The bad bit about this seems to be the 127.0.0.1, which is the local address I use in the 1:1 NAT config. The IPSec server doesn't seem to be receiving the extra WAN IP, but sees the NATed address instead, which causes the auth to fail.
When I do this using my main WAN IP, the logs show the real WAN IP (instead of 127.0.0.1) and it all works fine.
Any ideas on how I can get IPSec working using a Virtual IP?