[strongSwan] Local-to-Local subnet IPsec tunnels through strongSwan GW?

[Mark M]

Hi,

I have strongSwan setup as a gateway for two Windows 7 clients on the same local subnet. I would like the local IP address/subnet of the Windows 7 clients to be sent over the tunnel to the strongSwan gateway and then sent back out to the destination local ip address over the ipsec tunnel. I have not been able to get this to work.

On the gateway I have an interface of 192.168.2.1. Now on the Windows 7 Clients i add a default route to this interface with "route add 192.168.1.0 MASK 255.255.255.0 192.168.2.1" , With that route added, traffic for the local 192.168.1.0 subnet is routed over the tunnel to the gateway, but when it leaves the gateway it is not in the ipsec tunnel to the remote local host and has the source as the virtual ip address from where it came from. Also, for some reason the remote local Windows 7 clients does not respond to these packets.

So once the gateway receives the packets destined for a local subnet, it needs to be sent back out to the local Windows 7 destination IP address over the tunnel destined for the virtual ip of destination local host. I have not been able to make this happen.

Does anyone know how I could get this to work?


Mark-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130312/3da8399f/attachment.html>