<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Hi Martin,</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>I finally got it working. I had to set the rightsubnet=0.0.0.0/0 on my client and the leftsubnet=0.0.0.0/0 on my remote server. Now something strange is going on. The clients on the LAN can only send traffic across the tunnel and have it routed back if I add the LAN subnet route to the table 220 routing table. So if my LAN subnet is 192.168.56.0/24 I have to do a "ip route add 192.168.56.0/24 via 192.168.56.1 dev eth0 proto static src 192.168.56.1 table
220"</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>Is that normal behavior or a bug? Also, how could I add this route automatically when I bring up the connection?</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>Thanks for the help.</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color:
transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span>Mark-<br></span></div><div><br></div> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Martin Willi &lt;martin@strongswan.org&gt;<br> <b><span style="font-weight: bold;">To:</span></b> Mark M &lt;mark076h@yahoo.com&gt; <br><b><span style="font-weight: bold;">Cc:</span></b> "users@lists.strongswan.org" &lt;users@lists.strongswan.org&gt; <br> <b><span style="font-weight: bold;">Sent:</span></b> Monday, September 3, 2012 3:17 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [strongSwan] Send all
traffic over site-to-site tunnel?<br> </font> </div> <br>
Hi Mark,<br><br>> I would like all traffic to be routed over the remote subnet from one<br>> side of the VPN tunnel, more like a remote access client on one side.<br><br>To send traffic to all destinations through the tunnel, configure<br>left/rightsubnet options accordingly. A 0.0.0.0/0 subnet will cover all<br>destinations.<br><br>> Is there a parameter to put in the configuration that will do this or<br>> a way to add the route into the routing table?<br><br>Extending the route is not sufficient. This is IPsec, negotiated<br>policies are strictly enforced. Use left/rightsubnet to configure what<br>to tunnel.<br><br>Regards<br>Martin<br><br><br><br><br> </div> </div> </div></body></html>