[strongSwan] Please help: Cannot route (statically) through the Strongswan tunnel
Răzvan Sandu
razvan.sandu at mobexpert.ro
Thu Oct 3 15:34:03 CEST 2013

Hello,

Probably my question is already a FAQ, but I am asking for your kind
help, since I was unable to find the answer in official Strongswan
documentation.

Please consider the attached PNG network diagram (which is totally
imaginary).

I already have a working Strongswan tunnel between the two NAT gateways
(running CentOS 6.4) and I am able to ping any host from 192.168.1.0/24
to 10.1.1.0/24 and reverse.

However, even if the four backoffice routers contain (static) routes,
given as:

    /sbin/ip route add <network>/<prefix> via <gateway> dev <interface>

I am unable to ping between 10.2.1.0/24, 10.3.1.0/24, 192.168.23.0/24
and 192.168.24.0/24 (from each other). Of course, I AM able to ping
between the LANs on EACH SIDE of the tunnel, but not OVER the tunnel.

After establishing the tunnel, I am unable to enter static routes in the
NAT gateways themselves, since Strongswan does not create any virtual
tunnel interface, to be used as the <interface> parameter in the command
line above.

Could you please provide the correct solution (or point me to relevant
documentation)? Maybe it will help other users, too.

Thanks!

Best regards,
Răzvan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: strongswan1.png
Type: image/png
Size: 109589 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131003/9c69f31f/attachment.png>