[strongSwan] virtual interfaces for net to net tunneling (is it possible?)

Anthony Moon amoon at ezp.net
Wed Nov 3 20:40:37 CET 2010


I want to be able to connect to hosts on an internal LAN, but I'm using a
virtual interface to route these machines together. Let me explain with some
more verbose information.

This is my VPN gateway, a Linux machine with 1 NIC:

eth0      Link encap:Ethernet  HWaddr 00:16:3E:05:AA:90
          inet addr:66.199.171.245  Bcast:66.199.171.255  Mask:255.255.255.0

eth0:0    Link encap:Ethernet  HWaddr 00:16:3E:05:AA:90
          inet addr:192.168.100.181  Bcast:192.168.100.255  Mask:255.255.255.0


I want to be able to access hosts on 192.168.100.0/24 via a VPN connection
from my Windows 7 box at home.

Here is my ipsec config:


config setup
    plutostart=no
    interfaces=%defaultroute

conn %default
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no

conn win7
    left=%any
    leftsubnet=0.0.0.0/0
    leftauth=pubkey
    leftcert=vpnCert.pem
    leftid=@tony1.ezp.net
    right=%any
    rightsourceip=192.168.100.0/24
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    auto=add


Currently this is working for accessing the VPN gateway on its internal
IP, but I can't access 192.168.100.10, for example.

Is the reason for this the fact that I am using a virtual interface for my
192.168.100.* IPs?

Also, I can't ping 192.168.100.181 (VPN gateway internal IP) if my
rightsourceip is set to anything other than "192.168.100.0/24". Why is
this?


-- 

Anthony Moon

EZProvider Networks, Inc.

http://ezp.net

1.888.397.7853 x203
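The post's setup has the road-warrior pool (rightsourceip=192.168.100.0/24) sitting inside the LAN subnet that the gateway itself holds on eth0:0. The script below is an added example, not code from the post or from the strongSwan project: it parses the relevant lines of the posted ipsec.conf, tests whether the pool overlaps a gateway interface, and reports what such a gateway needs for LAN hosts to reach tunnel clients (IP forwarding always; proxy ARP for pool addresses, e.g. strongSwan's farp plugin, when the pool lies inside the LAN; a route for the pool on the LAN side when it does not). It also flags algorithm names in the ike= proposal that a current deployment should avoid. The interface table and the config text are constructed from the post, the function names are the script's own, and whether a given client accepts a stronger proposal is something to verify separately.

```python
# Added example (not from the post): static checks for a strongSwan
# road-warrior gateway whose virtual-IP pool sits inside its own LAN.
import ipaddress
import re

# Constructed sample, copied from the post's ipsec.conf (only the keys used here).
SAMPLE_IPSEC_CONF = """\
conn win7
    left=%any
    leftsubnet=0.0.0.0/0
    rightsourceip=192.168.100.0/24
    auto=add
"""
SAMPLE_IKE_PROPOSAL = "aes256-sha1-modp1024!"

# Constructed sample: the gateway's addresses as shown in the post's ifconfig output.
GATEWAY_ADDRESSES = {
    "eth0": "66.199.171.245/24",
    "eth0:0": "192.168.100.181/24",
}

# Algorithm names a current deployment should no longer rely on.
WEAK_TERMS = ("md5", "sha1", "3des", "des", "modp768", "modp1024", "null")


def parse_conn_sections(text):
    """Parse ipsec.conf-style text into {section_name: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():                 # 'conn NAME' or 'config setup'
            m = re.match(r"(conn|config|ca)\s+(\S+)", line)
            current = m.group(2) if m else None
            if current:
                sections.setdefault(current, {})
            continue
        if current and "=" in line:               # indented key=value line
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def pool_overlaps(pool_cidr, addresses):
    """Interfaces whose subnet overlaps the virtual-IP pool."""
    pool = ipaddress.ip_network(pool_cidr, strict=False)
    return {name: ipaddress.ip_interface(cidr)
            for name, cidr in addresses.items()
            if ipaddress.ip_interface(cidr).network.overlaps(pool)}


def gateway_requirements(pool_cidr, addresses):
    """What the gateway needs so that LAN hosts can reach pool clients."""
    pool = ipaddress.ip_network(pool_cidr, strict=False)
    overlap = pool_overlaps(pool_cidr, addresses)
    return {
        # The gateway always forwards between the tunnel and the LAN.
        "ip_forward": True,
        # Pool inside the LAN subnet: LAN hosts ARP for client addresses, so the
        # gateway must answer on their behalf (strongSwan's farp plugin, or
        # kernel proxy ARP on the LAN interface).
        "proxy_arp": bool(overlap),
        # Pool disjoint from the LAN: LAN hosts (or their router) need a route
        # for the pool via the gateway's LAN address instead.
        "lan_route_needed": not overlap,
        # An address the gateway already uses lies inside the pool, so the pool
        # can collide with addresses that are already in use on the LAN.
        "pool_contains_gateway": any(
            ipaddress.ip_interface(cidr).ip in pool for cidr in addresses.values()),
    }


def weak_proposal_terms(proposal):
    """Return the weak algorithm names found in an ike=/esp= proposal string."""
    terms = proposal.rstrip("!").replace(",", "-").split("-")
    return [t for t in terms if t.lower() in WEAK_TERMS]


if __name__ == "__main__":
    conf = parse_conn_sections(SAMPLE_IPSEC_CONF)
    pool = conf["win7"]["rightsourceip"]
    print("pool:", pool, "overlaps:", list(pool_overlaps(pool, GATEWAY_ADDRESSES)))
    for item, needed in gateway_requirements(pool, GATEWAY_ADDRESSES).items():
        print(f"  {item}: {needed}")
    print("weak terms in IKE proposal:", weak_proposal_terms(SAMPLE_IKE_PROPOSAL))
```

Run against the post's values it reports that eth0:0 overlaps the pool, that the gateway's own 192.168.100.181 lies inside it, and that sha1 and modp1024 appear in the IKE proposal; with a disjoint pool such as 10.10.10.0/24 the proxy ARP requirement drops away and a LAN-side route for the pool is needed instead.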
