[strongSwan] routing and bind interface

Andreas Ascheneller a.ascheneller at konzeptpark.de
Mon Sep 27 14:39:15 CEST 2010


Hi Andreas,

your problem is that the VPN (192.168.10/24) is a subnet of the network to the server side (192.168/16).

First, you can use different networks; then you have a clean routing table.
Or you must create a new connection in the ipsec.conf file like this:

conn pass_local
	leftsubnet=192.168.10/24
	rightsubnet=192.168.10/24
	left=%defaultroute
	right=x.x.x.x	# IP address of the gateway at 192.168.0.0/16
	type=passthrough
	authby=never
	auto=route

After you have restarted the ipsec services, you can access the internal services.


For routing all traffic over the tunnel, look at the sample
http://www.strongswan.org/uml/testresults44/ikev1/passthrough/



Regards
Andreas Ascheneller


-----Original Message-----
From: users-bounces+a.ascheneller=konzeptpark.de at lists.strongswan.org [mailto:users-bounces+a.ascheneller=konzeptpark.de at lists.strongswan.org] On Behalf Of Andreas Muerdter
Sent: Monday, 27 September 2010 12:15
Subject: [strongSwan] routing and bind interface

Hi @all,

I use ikev1 with pluto, and have configured a vpn tunnel with 192.168/16. My internal IP address is 192.168.10.1. When I start strongswan, the clients behind the vpn gateway cannot connect to the internal services and all traffic is routed into the VPN tunnel.

I think this happens because strongswan listens on all interfaces and the strongswan routing matches before the kernel routing.

Local Net                     VPN gateway        VPN tunnel 192.168.10.0/24<>192.168.0.0/16
|192.168.10.0/24| ---> |192.168.10.1| ===============>>      OTHER VPN GATEWAY

How can I bind pluto on only one interface? With "interface=eth1" it does not work.


Regards
Andreas
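
The overlap described in the reply above, as an added example that is not part of the original thread: it checks whether a tunnel's remote selector contains the local LAN, renders the passthrough stanza from the reply, and flags passthrough selectors wider than the LAN, since that traffic leaves without IPsec protection. The function names are hypothetical, subnets are written in full dotted notation, and right= keeps the thread's x.x.x.x placeholder.

```python
import ipaddress

def _net(cidr):
    # strict=False lets a host address such as 192.168.10.1/24 stand for its network
    return ipaddress.ip_network(cidr, strict=False)

def needed_bypass(local_lan, tunnel_remote):
    """Return the LAN (as a string) if the tunnel's remote selector contains it, else None."""
    lan, remote = _net(local_lan), _net(tunnel_remote)
    return str(lan) if lan.subnet_of(remote) else None

def passthrough_conn(lan, gateway="x.x.x.x", name="pass_local"):
    """Render the passthrough stanza from the thread for the given LAN.
    gateway defaults to the thread's placeholder and must be replaced."""
    lines = [
        f"conn {name}",
        f"\tleftsubnet={lan}",
        f"\trightsubnet={lan}",
        "\tleft=%defaultroute",
        f"\tright={gateway}",
        "\ttype=passthrough",
        "\tauthby=never",
        "\tauto=route",
    ]
    return "\n".join(lines) + "\n"

def selectors_outside_lan(bypass_selectors, local_lan):
    """Passthrough traffic is not protected by IPsec, so list any selector
    that reaches beyond the local LAN."""
    lan = _net(local_lan)
    return [s for s in bypass_selectors if not _net(s).subnet_of(lan)]

if __name__ == "__main__":
    # Constructed sample values, taken from the addresses mentioned in the thread.
    lan = needed_bypass("192.168.10.1/24", "192.168.0.0/16")
    if lan:
        print(passthrough_conn(lan))
    # A bypass selector as wide as the tunnel would send tunnel traffic in the clear.
    print(selectors_outside_lan(["192.168.10.0/24", "192.168.0.0/16"], "192.168.10.0/24"))
```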


