[strongSwan] Send all traffic over site-to-site tunnel?

Mark M mark076h at yahoo.com
Wed Sep 5 05:29:17 CEST 2012

Hi Martin,

I finally got it working. I had to set the rightsubnet= on my client and the leftsubnet= on my remote server. Now something strange is going on. The clients on the LAN can only send traffic across the tunnel and have it routed back if I add the LAN subnet route to the table 220 routing table. So if my LAN subnet is I have to do an "ip route add via dev eth0 proto static src table 220"

Is that normal behavior or a bug? Also, how could I add this route automatically when I bring up the connection?

Thanks for the help.


From: Martin Willi <martin at strongswan.org>
To: Mark M <mark076h at yahoo.com>
Cc: "users at lists.strongswan.org" <users at lists.strongswan.org>
Sent: Monday, September 3, 2012 3:17 AM
Subject: Re: [strongSwan] Send all traffic over site-to-site tunnel?

Hi Mark,

> I would like all traffic to be routed over the remote subnet from one
> side of the VPN tunnel, more like a remote access client on one side.

To send traffic to all destinations through the tunnel, configure
left/rightsubnet options accordingly. A subnet will cover all

> Is there a parameter to put in the configuration that will do this or
> a way to add the route into the routing table?

Extending the route is not sufficient. This is IPsec, negotiated
policies are strictly enforced. Use left/rightsubnet to configure what
to tunnel.
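
On the question in this thread of adding the table 220 route automatically: one option is a custom updown hook, set with the `leftupdown=` option in ipsec.conf. The script below is an added example, not code from either poster or from the strongSwan project. The script path, the `LAN_IF` default, and the simplified route form (the LAN subnet directly on the LAN interface) are assumptions.

```shell
#!/bin/sh
# Added example: updown hook that keeps the local LAN subnet reachable
# while a tunnel covering all destinations is up.
# Assumed ipsec.conf line (hypothetical path):
#   leftupdown=/usr/local/sbin/lan-route-updown.sh
# charon passes PLUTO_VERB and PLUTO_MY_CLIENT (local subnet, CIDR) in the
# environment of updown scripts.

TABLE=220                   # routing table strongSwan installs its routes in
LAN_IF="${LAN_IF:-eth0}"    # LAN-facing interface (assumption)

# Print the ip(8) command for this event; print nothing for other events.
# Returns 1 if the subnet is not a plain IPv4 CIDR string.
lan_route_cmd() {
    verb="$1"
    subnet="$2"
    # Only digits, dots and a slash may reach the command line below.
    case "$subnet" in
        ''|*[!0-9./]*) return 1 ;;
    esac
    case "$verb" in
        up-client)   echo "ip route replace $subnet dev $LAN_IF table $TABLE" ;;
        down-client) echo "ip route del $subnet dev $LAN_IF table $TABLE" ;;
    esac
    return 0
}

# Act only when called by charon (PLUTO_VERB set), so the file can be
# sourced for testing without touching the routing table.
if [ -n "${PLUTO_VERB:-}" ]; then
    cmd=$(lan_route_cmd "$PLUTO_VERB" "${PLUTO_MY_CLIENT:-}") || exit 1
    if [ -n "$cmd" ]; then
        $cmd
    fi
fi
```

Setting `leftupdown=` replaces the default updown script, so any firewall handling that script performed has to be covered separately.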
