[strongSwan] Problem routing traffic to Public IP via Tunnel

[Angel Kafazov]

Hi,

I have problem reaching a public IP over ipsec tunnel. The first tunnel
that I configured uses a private IP for the rightsubnet and everything
works OK, but when I added a public IP on the rightsubnets= list it
doesn't. There seems to be no traffic coming to the other side of the
tunnel. The current config is:

config setup
        interfaces=%defaultroute
        klipsdebug=all
        plutodebug=all
        nat_traversal=yes

conn asa-hannover
        type=           tunnel
        authby=         secret
        left=           xxx.yyy.zzz.155
        leftid=         xx.yy.xx.236
        leftnexthop=    xxx.yyy.zzz.1
        leftsubnet=      xxx.yyy.zzz.155/32
        right=          zz.xx.yy.11
        rightnexthop=   zz.xx.yy.1
        #rightsubnets=   {X1.Y1.Z1.11/32 X2.Y2.Z3.19/32}
        esp=            aes256-sha1
        ike=            aes256-sha1
        keyexchange=    ike
        pfs=            no
        auto=           start

Traffic to private ip X1.Y1.Z1.11 is OK, but public X2.Y2.Z3.19 is not
reachable. How can I see if openswan puts packet for X2.Y2.Z3.19 in the
tunnel?

Best Regards,
Angel


----
Angel Kafazov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120416/521933bd/attachment.html>