I have a machine running as a router and firewall. It has several IPsec policy-based VPNs using Libreswan. The ipsec1 interface is associated with a VLAN subinterface, i.e. ipsec1@bond1.1132. Is it possible to add an IPv4 address to ipsec1@bond1.1132 and use it as a leftsubnet in the IPsec config? I’m a bit reluctant to just try it as I don’t want to risk breaking the current working setup.
So, you’re trying to tunnel IPSEC inside IPSEC? You can do this… but I’d question whether you really need to. Can you elaborate on what your intended end state is?
Not that tricky. I just want outgoing traffic from the machine, e.g. an NTP connection to an NTP server, to be routed via one of the VPNs, but I want to be able to use a specific source address. I assume that if the IPsec interface has an IP address on it, any traffic sourced from the machine itself will use the IP address of the outgoing interface as the source before being encrypted and sent over the matching VPN. I might be confusing myself.