[strongSwan] strange behavior with non local network traffic

Martin Willi martin at strongswan.org
Mon Mar 18 15:31:10 CET 2013


> [...], the traffic is not forwarded. The VPN-Gateway has an internal IP
> and an external IP like XXX.XXX.94.199. So when the
> client comes from the network 192.168.170.x, and not from 192.168.16.x,
> nothing happens.

As you don't seem to assign a virtual IP to the client, how should
routing between your clients network and the internal network work? Do
your internal clients know the route to the address the client uses?

Usually you use virtual IPs (using rightsourceip) for such setups, where
you can configure a route for the internal hosts to the VPN client. If
this all should work transparently, you can use the farp plugin [1] that
can do ARP faking for your VPN clients, optionally combined with the
dhcp plugin [2]. These plugins are for charon, though, hence you'll need
a 5.x version of strongSwan to handle IKEv1 clients with them.
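A configuration along the lines Martin describes, added here as an example; it is not taken from the thread or from the strongSwan project. The internal subnet 192.168.16.0/24 and the external address come from the poster's description, while the gateway's internal address 192.168.16.1, the virtual IP pool, the certificate file name and the identity are assumptions. It shows the static-pool variant (virtual IPs carved out of the internal subnet, with farp answering ARP for them) and, commented out, the dhcp plugin variant:

```conf
# /etc/ipsec.conf (assumed path; strongSwan 5.x, where charon handles IKEv1 and IKEv2)
config setup
    # The gateway must also forward packets: sysctl -w net.ipv4.ip_forward=1

conn roadwarrior
    keyexchange=ikev1            # IKEv1 clients; charon only serves IKEv1 since 5.x
    left=%defaultroute           # external address, XXX.XXX.94.199 in the poster's setup
    leftsubnet=192.168.16.0/24   # internal network behind the gateway
    leftcert=gatewayCert.pem     # assumed certificate file name
    leftid=@vpn.example.org      # assumed gateway identity
    right=%any
    rightauth=pubkey
    # Variant A: virtual IPs from a static pool inside the internal subnet.
    # With the farp plugin loaded, the gateway answers ARP requests for these
    # addresses on the internal interface, so internal hosts need no extra route.
    rightsourceip=192.168.16.224/27
    # Variant B: lease the virtual IP from the internal DHCP server instead
    # (requires the dhcp plugin below); use only one of the two rightsourceip lines.
    #rightsourceip=%dhcp
    auto=add

# /etc/strongswan.conf (assumed path)
charon {
    plugins {
        farp {
            load = yes          # proxy ARP for virtual IPs assigned to VPN clients
        }
        dhcp {
            load = yes
            server = 192.168.16.1    # assumed address of the internal DHCP server
            identity_lease = yes     # keep the same lease for the same client identity
        }
    }
}
```

If the pool is instead taken from a separate range that is not part of 192.168.16.0/24, farp cannot help, and the internal hosts (or their default router) need a route for that range pointing at the gateway's internal address, e.g. `ip route add 10.99.0.0/24 via 192.168.16.1` for an assumed pool of 10.99.0.0/24. Either way, the client keeps its own 192.168.170.x address on the outer packets only; inside the tunnel it sources traffic from the virtual IP, which is what makes the return path work.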



