[strongSwan] Access to gateway & firewall

Martin Willi martin at strongswan.org
Wed Jan 25 10:04:26 CET 2012

Hello Radek,

> Problem over here is that when I turn on firewall packets are rejected 
> because origin of (decrypted) packets is eth0. Is there any possibility 
> to route VPN traffic via dummy0, so firewall will see those as comming 
> from dummy0?

I'm not aware of any method to change the interface identifier.

I'd recommend to adjust your firewall rules. Have a look at iptables
ipsec "policy" matching, it is rather powerful. It allows you to match
traffic that comes out of any (or even a specific) IPsec tunnel.


More information about the Users mailing list