<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi, Bernhard<br>
<br>
Follow your advice, I added this route.<br>
But it does not work.<br>
<br>
I want to know how you configure strongswan in "public IP on eth0
192.168.120.125". <br>
<br>
192.168.2.0/24 <=> 192.168.2.1 hardware router xx.xx.xx.xx
(public IP from provider) <=> Internet <=> public IP
on eth0 192.168.120.125 <=> 192.168.120.0/24 on eth1<br>
<br>
how do you configure your strongswan? what is the version of
strongswan? Do you enable tnc feature?<br>
<br>
Would you like to share your configuration files? such as
ipsec.conf, strongswan.conf.<br>
<br>
Thanks a lot.<br>
Zhu Yanjun<br>
<br>
On 05/06/2015 09:32 PM, Bernhard Marx wrote:<br>
</div>
<blockquote
cite="mid:CANg3f_7w_opHbM2FJkk-1J+WQkXz9OOrhon7d5BWcjHJ9+P2KQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Alex,
<div><br>
</div>
<div>yes; I had a default gateway of 192.168.120.5 in the
network. </div>
<div>strongswan server has a own separate ip...</div>
<div><br>
</div>
<div>Yes I'm trying adding this route on the "primary" gateway,
but it looks like as it is a MS-TMG (Microsoft Forefront
server) it not really taking the route...</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2015-05-06 15:05 GMT+02:00 Alex
Zetaeffesse <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:fzetafs@gmail.com" target="_blank">fzetafs@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote"><span class="">On Wed, May 6,
2015 at 8:44 AM, Bernhard Marx <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:bernhard.marx@gmail.com"
target="_blank">bernhard.marx@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px
0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">Hi all,
<div><br>
</div>
<div>for my issue I could resolve it with adding
a routing rule to all clients, because the VPN
is not the default gateway for <a
moz-do-not-send="true"
href="http://192.168.120.0/24"
target="_blank">192.168.120.0/24</a>
network...</div>
</div>
</blockquote>
<div><br>
</div>
</span>Hi Berhnard,
<div><br>
</div>
<div>my understanding is that you have two Internet
lines, am I correct?</div>
<div>it should be possible to add a route on the real
gateway to redirect packets to the 2nd (VPN) gateway
without intervening on each client.</div>
<div>I knew it might be a routing problem,</div>
<div><br>
</div>
<div>Alex </div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a></pre>
</blockquote>
<br>
</body>
</html>