[strongSwan] VPN client traffic through web proxy

S S 0x737475 at gmail.com
Thu Aug 23 21:50:20 CEST 2012


Hi there,

I'm experimenting with strongSwan and have hit a problem.

I have a setup working using IKEv2, x509 certs, and virtual IP pool.
However, internet traffic is being routed back out the VPN gateway external
interface. I'd like to route the traffic out of a dedicated proxy server
instead.

The setup is as follows.

A. VPN gateway with two interfaces; one external interface facing the
internet, one interface on the private subnet (10.0.1.0/24).

B. Internal services such as a webserver on the private subnet (10.0.1.0/24).

C. Proxy server with two interfaces; one external interface facing the
internet (different from the VPN gateway), one interface on the private
subnet (10.0.1.0/24).

VPN clients are placed in the virtual IP pool 10.0.2.0/24.

The idea is that all traffic from the clients has to go through the tunnel. As
mentioned above, I can route clients to the internet popping out from the
VPN gateway. I can also route services B through the proxy C successfully.
However, I'm unable to get VPN clients to route through the proxy in a
similar manner.

It seems that the iptables and table 220 rules always route through the
interface that the connection comes in on (eth0) rather than to the
internal interface (eth1).

Any ideas how I can correct this? I feel like there should be some static
routes or other rules, but I want to be able to scale with automatic rules
added etc.

Many thanks,
7
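One way to steer decrypted pool traffic to the proxy is source-based policy routing: a rule for the 10.0.2.0/24 pool pointing at a private table whose default route is the proxy's internal address, placed before strongSwan's own rule (charon.routing_table_prio, default 220) so it wins over table 220. This is an added example, not code from the post or from the strongSwan project; the proxy address 10.0.1.2, table 100, preference 100 and the eth0/eth1 names are assumptions.

```shell
#!/bin/sh
# Policy routing on the VPN gateway: packets from the virtual IP pool leave
# via the internal proxy instead of the main table's default route on eth0.
# Assumed (hypothetical) values: proxy LAN address 10.0.1.2, table 100,
# rule preference 100, LAN interface eth1.
POOL="10.0.2.0/24"
LAN="10.0.1.0/24"
PROXY_LAN_IP="10.0.1.2"   # proxy's address on the private subnet (assumed)
LAN_IF="eth1"
TABLE="100"
# Lower number = consulted earlier; must be below strongSwan's 220 so that
# table 100 is checked before table 220.
PREF="100"

# Emit the gateway commands one per line. "throw" routes hand LAN and
# pool-to-pool destinations back to the later rules (table 220, then main),
# so only internet-bound traffic is sent to the proxy.
proxy_routing_cmds() {
    cat <<EOF
ip route flush table $TABLE
ip route add throw $LAN table $TABLE
ip route add throw $POOL table $TABLE
ip route add default via $PROXY_LAN_IP dev $LAN_IF table $TABLE
ip rule add from $POOL lookup $TABLE pref $PREF
EOF
}

# The proxy needs a return route for the pool, otherwise replies follow its
# own default route out of its external interface. Argument: the VPN
# gateway's address on the LAN (assumed 10.0.1.1 below).
proxy_return_route_cmd() {
    echo "ip route add $POOL via ${1:-10.0.1.1} dev $LAN_IF"
}

# Dry run by default; APPLY=1 executes the commands (requires root).
apply_proxy_routing() {
    proxy_routing_cmds | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            echo "+ $cmd"
        fi
    done
}
```

Run with APPLY=1 on the gateway and apply the return route on the proxy; strongSwan's own routes for the virtual IPs stay in table 220 and are still found through the throw routes.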
