[strongSwan] Strongswan as a VPN Hub with a single network adapter

Tobias Brunner tobias at strongswan.org
Fri Aug 30 14:21:37 CEST 2013


Hi Kevin,

> The routing on the 10.4.0.0 spoke is configured that any communication
> to the following subnets
> 10.30.0.0/16,10.7.0.0/16,10.6.0.0/16,10.3.0.0/16,172.16.0.0/16
> will be routed to the Strongswan VPN gateway public IP (I've yet to
> set up the tunnels for 10.30.0.0, 10.7.0.0 and 10.3.0.0)

How did you configure the spokes?  Did you specify all those subnets in
rightsubnet?  Or did you use rightsubnet=0.0.0.0/0 so that the gateway
can narrow the subnets to whatever it has configured as leftsubnet?

Configuring the subnets as leftsubnet on the gateway is correct, even if
it doesn't have an IP address in any of them installed.  As seen, the
daemon will complain that it can't find a local address that is
contained in the traffic selector, but that only means that it will not
install a source route, which is fine for the subnets it is not directly
attached to.

Regards,
Tobias
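
A simplified model of the narrowing and source-route behaviour described in the message above, added here as an illustration; it is not part of the original mail and not strongSwan code. The subnet list is the one quoted in the thread; the hub interface address and the function names are constructed for the example.

```python
import ipaddress

# Hub leftsubnet list, taken from the subnets quoted in the thread.
HUB_LEFTSUBNET = ["10.30.0.0/16", "10.7.0.0/16", "10.6.0.0/16",
                  "10.3.0.0/16", "172.16.0.0/16"]
# Constructed sample: the hub's single interface address (documentation range).
HUB_ADDRS = ["192.0.2.10"]


def narrow(proposed, configured):
    """Model of responder-side narrowing: intersect proposed and configured selectors."""
    result = set()
    for p in map(ipaddress.ip_network, proposed):
        for c in map(ipaddress.ip_network, configured):
            if p.overlaps(c):
                # Overlapping CIDR blocks nest, so the intersection is the longer prefix.
                result.add(p if p.prefixlen >= c.prefixlen else c)
    return [str(n) for n in sorted(result)]


def has_local_address(selector, local_addrs):
    """True if any local address falls inside the selector (source route possible)."""
    net = ipaddress.ip_network(selector)
    return any(ipaddress.ip_address(a) in net for a in local_addrs)


def plan(proposed, configured=HUB_LEFTSUBNET, local_addrs=HUB_ADDRS):
    """Return (selector, source_route) pairs for the narrowed local selectors."""
    return [(ts, has_local_address(ts, local_addrs))
            for ts in narrow(proposed, configured)]


if __name__ == "__main__":
    # Spoke configured with rightsubnet=0.0.0.0/0: the hub narrows to its own list.
    for ts, route in plan(["0.0.0.0/0"]):
        note = "source route" if route else "no local address, no source route"
        print(f"{ts:16} {note}")
```

With the constructed hub address, none of the narrowed selectors contains a local address, which corresponds to the case where the daemon logs the complaint and installs no source route.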




