[strongSwan] Routing problem

Ostrowski Michał / IT DIMAR m.ostrowski at dimar.pl
Thu Feb 18 16:58:43 CET 2010 

Hello,
my configuration is as follows:
config setup
         plutodebug=all
         # crlcheckinterval=600
         # strictcrlpolicy=yes
         # cachecrls=yes
         # nat_traversal=yes
         charonstart=no
         plutostart=yes
         interfaces="ipsec0=eth1"
# Add connections here.

conn dimar_alior
         ikelifetime=28800
         keylife=3600
         keyingtries=%forever
         authby=secret
         auth=esp
         ike=aes256-sha1-modp1536!
         esp=aes256-sha1-modp1536!
         pfs=yes
         auto=add
         left=my_external_ip
         leftsubnet=192.168.0.77/32
         right=aa.aa.aa.bb
         rightsourceip=aa.aa.aa.cc

Other side of a connection is probably a Cisco or Juniper appliance 
(I've not been given any information on that). I can establish the 
tunnel successfully (as confirmed by remote party) but I can't find a 
way to route the traffic through tunnel.
The aa.aa.aa.cc address above was called 'encryption domain' by third 
party, aa.aa.aa.bb is their public IP.
What would be the required routing configuration?


Additional info:
ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:25:64:3c:9e:07
           inet addr:192.168.0.1  Bcast:192.168.255.255  Mask:255.255.0.0
           inet6 addr: fe80::225:64ff:fe3c:9e07/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:2092748 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2134906 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:387060174 (369.1 MiB)  TX bytes:762994019 (727.6 MiB)
           Interrupt:16

eth1      Link encap:Ethernet  HWaddr 00:25:64:3c:9e:08
           inet addr:my_external_ip  Bcast:xx.xx.xx.195 
Mask:255.255.255.252
           inet6 addr: fe80::225:64ff:fe3c:9e08/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:77785 errors:0 dropped:0 overruns:0 frame:0
           TX packets:65605 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:57921521 (55.2 MiB)  TX bytes:10439329 (9.9 MiB)
           Interrupt:17

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:93421 errors:0 dropped:0 overruns:0 frame:0
           TX packets:93421 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:14600752 (13.9 MiB)  TX bytes:14600752 (13.9 MiB)


Regards,
Ostrowski Michal

More information about the Users mailing list