[strongSwan] strongswan subnet routing
andris at lismanis.co.uk
Thu Nov 4 22:50:29 CET 2010
Thanks for your reply. Here are the details below:
rw - a virtual machine with IP of 10.0.2.15 running strongswan on Ubuntu 10.10
router1 - simple home adsl router with no inbound ports open
router2 - simple home adsl router with inbound ports 500 and 4500 (both UDP) open to server (192.168.1.3). Router had static public IP and static internal IP.
server - physical machine with one network card with ip of 192.168.1.3
hosts - other machines connected to router2 via 192.168.1.0/24 subnet
ipsec.conf - server
ipsec.conf - rw
right=22.214.171.124 # public IP of router2
As I mentioned initially I have successfully established the tunnel and can ping both ways - rw to server and vice versa.
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]
Sent: 04 November 2010 21:18
To: Andris Lismanis
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] strongswan subnet routing
a network diagram and the ipsec.conf files on both sides would help!
On 11/04/2010 06:23 PM, Andris Lismanis wrote:
> I have managed to setup a tunnel between two hosts which are behind
> firewalls (adsl routers). E.g. rw--adsl---internet---adsl--server
> (with one eth)----subnet. The problem is that I can ping and access
> the 'server' but cannot access any other hosts in the subnet. I have
> enabled ip forwarding in sysctl but with no luck. I can also see host
> addresses appearing in ARP cache when I try to ping other hosts from rw.
> Is there an option that I have not enabled? Do I need to use iptables
> to forward the packets forward and backward?
> Any help would be appriciated.
> Andris Lismanis
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users