[strongSwan] Send some of the internet traffic through the tunnel

[Gergely Horváth]

Hello again,

I've managed to fix some issues in our network. Here is a quick overview
of the current situation:
                   A                B               R
                Internet         Internet        Internet
                   |                |               |
Server ---LAN--- VPN A ==tunnel== VPN B ---LAN--- Router
 .2.1            .13.1            .214             .200
     10.46.0.0/16                   192.168.217.0/24

This is how a packet should travel:
1. Internet R -> Router
2. Router -> VPN B
3. VPN B -> VPN A (into the tunnel)
4. VPN A -> Server

And then the reply should go back the same way:
5. Server -> VPN A
6. VPN A -> VPN B
7. VPN B -> Router
8. Router -> Internet R

Between the Router and the Server the communication is working fine. It
is beacause the IPSec tunnel is configured to have the 10.46.0.0/16
network on the left and the 192.168.217.0/24 on the right and both the
Server and the Router know that the gateway is the VPN A and B on each
side. If I try to proxy Internet R traffic to the Server, it also works
- but id really does not make a difference, as the packet will travel
with a source address of the Router.

When I try to communicate with the Server from the Internet R address,
the Router gets the packet, forwards it (transparently - so the sender
address stays a public IP) to the VPN B host, but it does not put the
packet inside the tunnel.

How can I make it do that?

Üdvözlettel / Best regards
Gergely Horváth | gergely.horvath at inepex.com
http://inepex.com | IT Development and Location Based Services
http://inetrack.com | The customizable fleet tracking platform