<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font face="Helvetica, Arial, sans-serif">Sure, please find
enclosed the requested files.</font></p>
<p><font face="Helvetica, Arial, sans-serif">Best regards/Viele
GrĂ¼sse <br>
Martin<br>
</font></p>
<br>
<div class="moz-cite-prefix">On 02/24/2017 11:52 PM, Noel Kuntze
wrote:<br>
</div>
<blockquote
cite="mid:f2854b0f-68d9-a915-aff6-bca16bdf138a@familie-kuntze.de"
type="cite">
<pre wrap="">Of course not. This is not a problem with the routing table.
Please make sure you understand exactly what's going on before
attempting to solve problems. Other technology might not
be as forgiving as this.
The problem is probably that your security policies don't allow
the forwarding of the traffic or you have SNAT/MASQUERADE (or other)
iptables rules that either change addresses so the traffic doesn't
match the policies anymore or outright drop it.
Please provide a paste of the output of `ipsec statusall`
and `iptables-save`.
On 24.02.2017 23:49, Martin Sand wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi all
After some time I began to investigate again.
I think the problem is that my strongSwan router is behind a modem (another router) which I cannot set to bridge modus.
The modem is NATing the traffic.
Routing table 220 shows the problem.
The traffic is sent to the modem (192.168.0.1), connected to the internet and my strongSwan vpn router (192.168.2.1).
The modem is also the default gateway.
root@OpenWrt:~# ip route show table 220
192.168.1.0/24 via 192.168.0.1 dev eth0 proto static src 192.168.2.1
192.168.3.0/24 via 192.168.0.1 dev eth0 proto static src 192.168.2.1
I tried to get around the problem by setting the via route to the external IP of my modem (134.100.110.120).
But this does not work:
root@OpenWrt:~# ip r c table 220 192.168.1.0/24 via 134.100.110.120 dev eth0 proto static src 192.168.2.1
RTNETLINK answers: Network is unreachable
Any ideas on how to solve the issue?
Best regards
Martin
On 11/08/2016 08:46 PM, Martin Sand wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi all
I have a Hub and Spoke setup:
* Central server 192.168.0.1
* Router 1: 192.168.1.1
* Router 2: 192.168.2.1
I cannot reach the computers on the other side of the network although tunnel is established.
Do I miss an iptable or route information?
Output from 192.168.1.100 when trying to reach a computer on the other network (192.168.2.100):
[user@workstation ~]$ tracepath 192.168.2.100
1?: [LOCALHOST] pmtu 1500
1: router-1 0.475ms
1: router-1 0.445ms
2: no reply
Output of route on Router 1 (192.168.1.1):
192.168.2.0/24 via 80.10.10.1 dev eth0 proto static src 192.168.1.1
Output of route on Router 2 (192.168.2.1):
192.168.1.0/24 via 192.168.0.1 dev eth0 proto static src 192.168.2.1
Any ideas on what is going wrong? Maybe because one router shows the external IP of the Hub instead of the internal one?
Best regards
Martin
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a>
</pre>
</blockquote>
<pre wrap="">
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a>
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<br>
</body>
</html>