[strongSwan] routing and bind interface
Andreas Ascheneller
a.ascheneller at konzeptpark.de
Mon Sep 27 14:39:15 CEST 2010
Hi Andreas,
your problem is that the VPN (192.168.10/24) is a subnet of the network to the server side (192.168/16).
First you can use different Networks, the you have a clean routing table.
Or you must create a new connection in the ipsec.conf file like this;
conn pass_local
leftsubnet=192.168.10/24
rightsubnet=192.168.10/24
left=%defaultroute
right=x.x.x.x (IP Addr. Gateway at 192.168.0.0/16)
type=passthrough
authby=never
auto=route
After you have restart the ipsec services you can access to the internal services.
For routing all traffic over the tunnel look the sample
http://www.strongswan.org/uml/testresults44/ikev1/passthrough/
Regard
Andreas Ascheneller
-----Ursprüngliche Nachricht-----
Von: users-bounces+a.ascheneller=konzeptpark.de at lists.strongswan.org [mailto:users-bounces+a.ascheneller=konzeptpark.de at lists.strongswan.org] Im Auftrag von Andreas Muerdter
Gesendet: Montag, 27. September 2010 12:15
Betreff: [strongSwan] routing and bind interface
Hi @all,
I use ikev1 with pluto, and have configured a vpn tunnel with 192.168/16. My internal IP address is 192.168.10.1. When I start strongswan, the clients behind the vpn gateway can not connect to the internal services and all traffic is routed into the VPN Tunnel.
I think this happens because of strongswan listen on all interfaces and the strongswan routing matches before the kernel routing.
Local Net VPN gateway VPN tunnel 192.168.10.0/24<>192.168.0.0/16
|192.168.10.0/24| ---> |192.168.10.1| ===============>> OTHER VPN GATEWAY
How can I bind pluto on only one interface? with "interface=eth1" it does not work.
Regards
Andreas
_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
More information about the Users
mailing list