[strongSwan] Problem setting source IP
dfeist at bgc-jena.mpg.de
Tue Jul 17 15:43:27 CEST 2012
I am trying to connect a remote site to our internal network with
strongswan. Here is my setup:
- 1 server + additional clients on private subnet 10.3.9.0/24
- server is directly connected to the internet through a DSL line
- server has only one network interface (eth0), so I need virtual IPs
- server is also default gateway for clients on private subnet
IP setup on remote server
eth0: 10.3.9.20 (standard server address on remote side)
eth0:1 10.3.9.1 (default gateway address for clients)
eth0:2 220.127.116.11 (outside connection)
- several servers and clients on public subnet 18.104.22.168/24
- network is protected by firewall
- 1 gateway server for IPsec is reachable through firewall
IP setup on gateway server
Clients from both subnets should transparently reach each other through
the IPsec tunnel. Besides, also gateway and remote server have to be
able to talk to each other through the IPsec tunnel directly. I have
tried many configurations but only the one with the four-tunnel example
works (I know this is outdated). The example 2.4 does not work at all. I
have also tried to adapt the more up-to-date example
but to no avail. The packets do not go through the tunnel and try to
take the default route instead.
With my working setup, I have one problem: packets from the remote
server appear in the local network with IP address 22.214.171.124. I would
prefer to have them come in with source IP 10.3.9.20 but no luck so far.
Here is my currently working setup:
# ipsec.conf - strongSwan IPsec configuration file
As you can see, I tried to add "rightsourceip" at several points but
every time I uncomment one of them, it breaks the connection.
I would appreciate any help, espcially hints for a less complicated setup.
PS: I am using strongswan 4.4.1-5.2 on Debian Squeeze on both machines.
More information about the Users