[strongSwan] Indirect Subnet Routing Question

T Cheung tccheung1 at gmail.com
Sat Jun 23 01:06:14 CEST 2012


Hi Andreas,

I couldn't get it to work.  The only host on subnet A is Host A.  But
standard Unix routing on Host A
doesn't know about subnet B.  If I try to reach Host C from Host A
with its subnet B address
169.254.2.10, it works fine.  I think IPsec handles that part.  If I
try to reach Host C with its subnet
C address, ping fails with a message from the first gateway, 169.254.1.1.
This gateway simply doesn't
know about 169.254.3.1.

On Host B, I can reach Host C with subnet C address since I can ping
from Host B to 169.254.3.1.

So I have a route from A to B, since I can ping from A to B
(169.254.1.1 to 169.254.2.1).
I also have a route from B to C, since I can ping from B to
169.254.3.1.  But I cannot
ping from A to C at address 169.254.3.1.

Thanks,
Terry

On Thu, Jun 21, 2012 at 12:06 AM, Andreas Steffen
<andreas.steffen at strongswan.org> wrote:
> Hi Terry,
>
> you have to define the following Traffic selectors:
>
> Host A
>
> conn a-b-c
>     leftsubnet=169.254.1.0/24
>     rightsubnet=169.254.2.0/23
>     ...
>
> Host B
>
> conn a-b-c
>     leftsubnet=169.254.2.0/23
>     rightsubnet=169.254.1.0/24
>     ...
>
> All hosts on subnet A must have 169.254.1.1 as their default gateway
> All hosts on subnet B must have 169.254.2.1 as their default gateway
> All hosts on subnet C must have 169.254.3.1 as their default gateway
>
> Host C must have a route to subnet A via host B
> Host B must have a route to subnet C via host C
>
> Regards
>
> Andreas
>
> On 21.06.2012 07:54, T Cheung wrote:
>> Hi,
>>
>> I am trying to configure a route to a subnet, but couldn't figure out how.
>>
>> Here is my setup:
>>
>> Host A on subnet A (169.254.1.0) with ip address 169.254.1.1.
>> Host B on subnet B (169.254.2.0) with ip address 169.254.2.1.
>> Strongswan is running on both Host A and B, and they have an IPsec tunnel
>> between subnet A and subnet B.
>>
>> Host C is on subnet B with ip address 169.254.2.10.  I can ping from
>> Host A to Host C.
>>
>> Host C is also on another subnet C (169.254.3.0) with ip address 169.254.3.1.
>> Host C would not have strongswan.  And Host D is on same subnet C with
>> ip address 169.254.3.2.
>>
>> Is there a way to set up a route such that we can ping from Host A to
>> Host D?  For example, to
>> install a route on host A that says to get to the 169.254.3.0 net by
>> going thru 169.254.2.10.  Linux
>> routing does not know about 169.254.2.10.
>>
>> Thanks,
>> Terry
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
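
The selectors and routes Andreas lists can be checked with a small hop-by-hop model. This is an added example, not part of the original thread. The /24 prefix lengths of the individual subnets, Host A having no routes beyond its own subnet, and the simplification that selector-matching traffic goes straight to the tunnel peer are assumptions.

```python
import ipaddress as ipa

# Addresses come from the thread; routes follow the list in Andreas's reply.
# Assumptions: each subnet is a /24 and Host A has no route besides its own subnet.
HOSTS = {
    "A": {"addrs": ["169.254.1.1"], "peer": "B",
          "routes": {"169.254.1.0/24": None}},
    "B": {"addrs": ["169.254.2.1"], "peer": "A",
          "routes": {"169.254.2.0/24": None, "169.254.3.0/24": "169.254.2.10"}},
    "C": {"addrs": ["169.254.2.10", "169.254.3.1"], "peer": None,
          "routes": {"169.254.2.0/24": None, "169.254.3.0/24": None,
                     "169.254.1.0/24": "169.254.2.1"}},
    "D": {"addrs": ["169.254.3.2"], "peer": None,
          "routes": {"169.254.3.0/24": None, "0.0.0.0/0": "169.254.3.1"}},
}
SUBNET_A = "169.254.1.0/24"

def in_net(addr, net):
    return ipa.ip_address(addr) in ipa.ip_network(net)

def owner(addr):
    return next((n for n, h in HOSTS.items() if addr in h["addrs"]), None)

def trace(src, dst, remote_ts):
    """Hop-by-hop path of a packet src->dst. remote_ts is the far-side
    selector (rightsubnet on Host A, leftsubnet on Host B)."""
    node, path = owner(src), []
    while node and len(path) < 8:
        path.append(node)
        host = HOSTS[node]
        if dst in host["addrs"]:
            return path, "delivered"
        # Simplified model: traffic matching the selectors goes to the tunnel peer.
        pair = (src, dst) if node == "A" else (dst, src)
        if host["peer"] and in_net(pair[0], SUBNET_A) and in_net(pair[1], remote_ts):
            node = host["peer"]
            continue
        # Otherwise: longest-prefix match over the host's routing table.
        hits = [n for n in host["routes"] if in_net(dst, n)]
        if not hits:
            return path, "no route at " + node
        best = max(hits, key=lambda n: ipa.ip_network(n).prefixlen)
        node = owner(host["routes"][best] or dst)  # None means on-link
    return path, "unreachable"

if __name__ == "__main__":
    for ts in ("169.254.2.0/24", "169.254.2.0/23"):
        print(ts, trace("169.254.1.1", "169.254.3.2", ts),
              trace("169.254.3.2", "169.254.1.1", ts))
```

With a /24 selector the packet to Host D never leaves Host A and the reply path stops at Host B; with the /23 selector both directions are covered, provided the routes on Host B and Host C are in place.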
