[strongSwan] Indirect Subnet Routing Question

Andreas Steffen andreas.steffen at strongswan.org
Thu Jun 21 09:06:54 CEST 2012


Hi Terry,

you have to define the following Traffic selectors:

Host A

conn a-b-c
     leftsubnet=169.254.1.0/24
     rightsubnet=169.254.2.0/23
     ...

Host B

conn a-b-c
     leftsubnet=169.254.2.0/23
     rightsubnet=169.254.1.0/24
     ...

All hosts on subnet A must have 169.254.1.1 as their default gateway
All hosts on subnet B must have 169.254.2.1 as their default gateway
All hosts on subnet C must have 169.254.3.1 as their default gateway

Host C must have a route to subnet A via host B
Host B must have a route to subnet C via host C

Regards

Andreas

On 21.06.2012 07:54, T Cheung wrote:
> Hi,
> 
> I am trying to configure a route to a subnet, but couldn't figured out how.
> 
> Here is my setup:
> 
> Host A on subnet A (169.254.1.0) with ip address 169.254.1.1.
> Host B on subnet B (169.254.2.0) with ip address 169.254.2.1.
> Strongswan is running on both Host A and B and have IPsec tunnel
> between subnet A and subnet B.
> 
> Host C is on subnet B  with ip address 169.254.2.10.  I can ping from
> Host A to Host C.
> 
> Host C is also on another subnet C (169.254.3.0) with ip address 169.254.3.1.
> Host C would not have strongswan.  And Host D is on same subnet C with
> ip address 169.254.3.2.
> 
> Is there a way to set up a route such that we can ping from Host A to
> Host D?  For example, to
> install a route on host A that says to get to the 169.254.3.0 net by
> going thru 169.254.2.10.  Linux
> routing does not know about 169.254.2.10.
> 
> Thanks,
> Terry

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120621/f030b68a/attachment.bin>


More information about the Users mailing list