[strongSwan] Please help: Cannot route (statically) through the Strongswan tunnel
Martin Willi
martin at strongswan.org
Fri Oct 4 10:00:05 CEST 2013
Hi Răzvan,

> I am unable to ping between 10.2.1.0/24, 10.3.1.0/24, 192.168.23.0/24
> and 192.168.24.0/24 (from each other).

What does your left/rightsubnet configuration look like? Have you
included all the subnets to tunnel? What does "ipsec statusall" show?

Does a ping from 10.2.1.0/24 make it to the first gateway? To the
second? Does the reply get lost on the return path?

> After establishing the tunnel, I am unable to enter static routes in the
> NAT gateways themselves, since Strongswan does not create any virtual
> tunnel interface, to be used as the <interface> parameter in the command
> line above.

Linux does not have IPsec interfaces, and they are not needed. You can
install routes nonetheless.

However, you won't have to install any routes. strongSwan magically
installs all the required routes for the negotiated IPsec policies.
These routes won't go into the main table, though; use "ip route show
table 220" to show them.

Regards
Martin
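
A check for the two diagnostics mentioned in the message above, added here as an example and not part of the original message: it compares "ip route show table 220" output with the remote subnets expected behind the tunnel and lists those with no covering route, which are candidates for being missing from left/rightsubnet. The sample output, the next hop and source addresses, and the assignment of 10.3.1.0/24 and 192.168.24.0/24 to the remote side are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ip route show table 220` output on one gateway.
# Next hop, device and source address are illustrative assumptions.
SAMPLE_TABLE_220 = """\
10.3.1.0/24 via 203.0.113.1 dev eth0 proto static src 10.2.1.1
"""

# Assumption: these are the subnets behind the *other* gateway.
EXPECTED_REMOTE = ["10.3.1.0/24", "192.168.24.0/24"]


def parse_routes(text):
    """Return the destination networks found in an `ip route show` dump."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            routes.append(ipaddress.ip_network(dest, strict=False))
        except ValueError:
            # Typed routes ("unreachable ...") and other non-prefix lines.
            continue
    return routes


def uncovered(expected, routes):
    """Return the expected subnets that no route in the table covers."""
    missing = []
    for cidr in expected:
        want = ipaddress.ip_network(cidr)
        covered = any(
            want.version == r.version and want.subnet_of(r) for r in routes
        )
        if not covered:
            missing.append(cidr)
    return missing


if __name__ == "__main__":
    # On a live gateway, replace SAMPLE_TABLE_220 with the real command output.
    for cidr in uncovered(EXPECTED_REMOTE, parse_routes(SAMPLE_TABLE_220)):
        print(f"no route in table 220 for {cidr}: check left/rightsubnet")
```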