<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font face="Helvetica, Arial, sans-serif">Hi all</font></p>
<p><font face="Helvetica, Arial, sans-serif">After some time I began
to investigate again. <br>
I think the problem is that my strongSwan router is behind a
modem (another router) which I cannot set to bridge mode.<br>
The modem is NATing the traffic.<br>
</font></p>
<p><font face="Helvetica, Arial, sans-serif">Routing table 220 shows
the problem. <br>
The traffic is sent to the modem (192.168.0.1), connected to the
internet and my strongSwan VPN router (192.168.2.1).<br>
The modem is also the default gateway. <br>
</font></p>
<p><font face="Helvetica, Arial, sans-serif">root@OpenWrt:~# ip
route show table 220<br>
192.168.1.0/24 via 192.168.0.1 dev eth0 proto static src
192.168.2.1 <br>
192.168.3.0/24 via 192.168.0.1 dev eth0 proto static src
192.168.2.1 </font></p>
<p><font face="Helvetica, Arial, sans-serif">I tried to get around
the problem by setting the via route to the external IP of my
modem (</font><font face="Helvetica, Arial, sans-serif">134.100.110.120).<br>
But this does not work:<br>
</font></p>
<p><font face="Helvetica, Arial, sans-serif">root@OpenWrt:~# ip r c
table 220 192.168.1.0/24 via 134.100.110.120 dev eth0 proto
static src 192.168.2.1<br>
RTNETLINK answers: Network is unreachable<br>
</font></p>
<p><font face="Helvetica, Arial, sans-serif">Any ideas on how to
solve the issue?<br>
</font></p>
<p><font face="Helvetica, Arial, sans-serif">Best regards<br>
Martin<br>
</font></p>
<div class="moz-cite-prefix">On 11/08/2016 08:46 PM, Martin Sand
wrote:<br>
</div>
<blockquote cite="mid:504b9385-9c77-1b2e-d440-a89cf48617d2@gmx.net"
type="cite">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<font face="Helvetica, Arial, sans-serif">Hi all <br>
<br>
I have a Hub and Spoke setup:<br>
* Central server 192.168.0.1<br>
* Router 1: 192.168.1.1<br>
* Router 2: 192.168.2.1<br>
<br>
I cannot reach the computers on the other side of the network
although the tunnel is established.<br>
Am I missing an iptables rule or routing information?<br>
<br>
Output from 192.168.1.100 when trying to reach a computer on the
other network (192.168.2.100):<br>
[user@workstation ~]$ tracepath 192.168.2.100<br>
1?: [LOCALHOST] pmtu 1500<br>
1: router-1 0.475ms <br>
1: router-1 0.445ms <br>
2: no reply<br>
<br>
Output of route on Router 1 (</font><font face="Helvetica,
Arial, sans-serif"><font face="Helvetica, Arial, sans-serif">192.168.1.1</font>):<br>
192.168.2.0/24 via 80.10.10.1 dev eth0 proto static src
192.168.1.1 <br>
</font><br>
<font face="Helvetica, Arial, sans-serif">Output of route on
Router 2 (</font><font face="Helvetica, Arial, sans-serif"><font
face="Helvetica, Arial, sans-serif">192.168.2.1</font>):<br>
192.168.1.0/24 via 192.168.0.1 dev eth0 proto static src
192.168.2.1 <br>
<br>
Any ideas on what is going wrong? Maybe because one router shows
the external IP of the Hub instead of the internal one?<br>
<br>
Best regards<br>
Martin<br>
</font> <br>
</blockquote>
<br>
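<p>Added example (not part of Martin's post and not strongSwan code): a sketch that parses the <code>ip route show table 220</code> lines from the message above and tests whether each <code>via</code> gateway lies on a subnet directly connected to the route's device, which is the condition the Linux kernel enforces (unless the <code>onlink</code> flag is given) and reports as "Network is unreachable" when it fails. The address of <code>eth0</code> is not shown in the post, so 192.168.0.2/24 is an assumed value, and the function names are hypothetical.</p>

```python
import ipaddress

# Routes as printed in the post by `ip route show table 220`, plus the
# replacement the post attempted (rejected with "Network is unreachable").
TABLE_220 = """\
192.168.1.0/24 via 192.168.0.1 dev eth0 proto static src 192.168.2.1
192.168.3.0/24 via 192.168.0.1 dev eth0 proto static src 192.168.2.1
"""
ATTEMPTED = "192.168.1.0/24 via 134.100.110.120 dev eth0 proto static src 192.168.2.1"

# ASSUMPTION (constructed value): the post does not show eth0's own address.
# 192.168.0.2/24 stands in for "an address on the modem's LAN".
CONNECTED = {"eth0": ["192.168.0.2/24"]}


def parse_route(line):
    """Parse one `ip route` line into dest, via, dev and src (None if absent)."""
    tokens = line.split()
    route = {"dest": ipaddress.ip_network(tokens[0]), "via": None, "dev": None, "src": None}
    # The remaining tokens are key/value pairs: via X dev Y proto Z src W
    for key, value in zip(tokens[1::2], tokens[2::2]):
        if key in ("via", "src"):
            route[key] = ipaddress.ip_address(value)
        elif key == "dev":
            route[key] = value
    return route


def gateway_on_link(route, connected):
    """True if the next hop is inside a subnet connected on the route's device."""
    if route["via"] is None:
        return True  # no gateway: the destination itself is treated as on-link
    prefixes = [ipaddress.ip_interface(a).network for a in connected.get(route["dev"], [])]
    return any(route["via"] in net for net in prefixes)


def check(lines, connected):
    """Return (destination, gateway, on_link) for every non-empty route line."""
    results = []
    for line in lines:
        if line.strip():
            r = parse_route(line)
            results.append((str(r["dest"]), str(r["via"]), gateway_on_link(r, connected)))
    return results


if __name__ == "__main__":
    for dest, via, ok in check(TABLE_220.splitlines() + [ATTEMPTED], CONNECTED):
        print(f"{dest:18} via {via:16} {'on-link' if ok else 'NOT on-link: kernel rejects'}")
```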
</body>
</html>